---
# First stage of the certificate flow: hand this vhost's name, hostnames and
# provider config to the selected provider's "prepare" role. Only runs for
# vhosts that carry a `tls` key.
# NOTE(review): judging by the task name, "prepare" presumably installs a
# placeholder certificate so nginx can load the TLS vhost before the real one
# is issued - confirm in the x509 role.
# `certificate_provider` is interpolated into the role path and has no
# default: it decides which role code runs, so it should only ever hold one
# of the provider names shipped under x509/, and a vhost with `tls` but no
# provider fails here.
- name: ensure certificate exists (fake it, until you make it)
  include_role:
    name: "x509/{{ nginx_vhost.tls.certificate_provider }}/cert/prepare"
    # Export the role's vars and defaults to the tasks that follow.
    public: true
  vars:
    x509_certificate_name: "{{ nginx_vhost.name }}"
    x509_certificate_hostnames: "{{ nginx_vhost.hostnames | default([]) }}"
    x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
    # Services the x509 role is told to reload for this certificate.
    x509_certificate_reload_services:
      - nginx
  when: "'tls' in nginx_vhost"
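# Render the vhost from a Jinja2 template into sites-available. Only runs for
# vhosts that carry a `template` key.
# `nginx_vhost.name` is used verbatim as the file name under /etc/nginx, so it
# is expected to be a plain file name without path separators.
- name: install nginx configs from template
  when: "'template' in nginx_vhost"
  template:
    src: "{{ nginx_vhost.template }}.conf.j2"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    # Fall back to an explicit mode instead of omitting it: with no mode a
    # newly created file gets whatever the remote umask allows, and nginx
    # loads this file as configuration. Vhosts that embed credentials should
    # set a tighter `nginx_vhost.mode`.
    mode: "{{ nginx_vhost.mode | default('0644') }}"
  notify: reload nginx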
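# Write inline vhost configuration (already-rendered text) into
# sites-available. Only runs for vhosts that carry a `content` key.
# `nginx_vhost.name` is used verbatim as the file name under /etc/nginx, so it
# is expected to be a plain file name without path separators.
- name: install nginx configs from config data
  when: "'content' in nginx_vhost"
  copy:
    content: "{{ nginx_vhost.content }}"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    # Fall back to an explicit mode instead of omitting it: with no mode a
    # newly created file gets whatever the remote umask allows, and nginx
    # loads this file as configuration. Vhosts that embed credentials should
    # set a tighter `nginx_vhost.mode`.
    mode: "{{ nginx_vhost.mode | default('0644') }}"
  notify: reload nginx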
# Activate the vhost by linking it from sites-enabled to its file in
# sites-available. The link target is relative, so it resolves inside
# /etc/nginx. There is no `when` on this task: it runs for every vhost,
# including ones that set neither `template` nor `content`.
- name: enable vhost config
  file:
    state: link
    dest: "/etc/nginx/sites-enabled/{{ nginx_vhost.name }}"
    src: "../sites-available/{{ nginx_vhost.name }}"
  notify: reload nginx
# Second stage of the certificate flow, again only for vhosts with a `tls`
# key: make nginx pick up the new vhost, then let the provider's "finalize"
# role obtain the certificate.
# NOTE(review): if finalize fails, the vhost has already been enabled and
# reloaded with whatever certificate the earlier prepare stage left in
# place - worth alerting on, confirm against the x509 role.
- name: generate acme certificate
  when: "'tls' in nginx_vhost"
  block:
    # Run the pending "reload nginx" handler now instead of at the end of the
    # play, so the vhost is live before the certificate is requested.
    - name: make sure nginx config has been (re)loaded
      meta: flush_handlers

    # Same variables as the prepare stage. `public` is not set on this
    # include.
    - name: actually request the certificate
      include_role:
        name: "x509/{{ nginx_vhost.tls.certificate_provider }}/cert/finalize"
      vars:
        x509_certificate_name: "{{ nginx_vhost.name }}"
        x509_certificate_hostnames: "{{ nginx_vhost.hostnames | default([]) }}"
        x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
        x509_certificate_reload_services:
          - nginx