From 33890cacb183b69bf0032fd3dbd41b9c20cab4b1 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 12 Sep 2023 00:41:07 +0200
Subject: x509/certificates: generic config handling

---
 roles/nginx/vhost/defaults/main.yml | 4 ++++
 roles/nginx/vhost/tasks/main.yml    | 2 ++
 2 files changed, 6 insertions(+)

(limited to 'roles/nginx')

diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index 0eb67b42..834e1e10 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -34,6 +34,10 @@
 #     variant: legacy
 #     hsts: false
 #     certificate_provider: acmetool
+#     certificate_config:
+#       request:
+#         challenge:
+#           http-self-test: false
 #   hostnames:
 #   - static.example.com
 #   extra_directives: |-
diff --git a/roles/nginx/vhost/tasks/main.yml b/roles/nginx/vhost/tasks/main.yml
index 2c1f0f29..5468bcc6 100644
--- a/roles/nginx/vhost/tasks/main.yml
+++ b/roles/nginx/vhost/tasks/main.yml
@@ -4,6 +4,7 @@
   vars:
     x509_certificate_name: "{{ nginx_vhost.name }}"
     x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
+    x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
     x509_certificate_reload_services:
     - nginx
   include_role:
@@ -43,6 +44,7 @@
     vars:
       x509_certificate_name: "{{ nginx_vhost.name }}"
       x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
+      x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
       x509_certificate_reload_services:
       - nginx
     include_role:
-- 
cgit v1.2.3