Initial working commit
59
ansible/roles/http/tasks/ssl.yml
Normal file
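--- a/ansible/roles/http/tasks/ssl.yml
+++ b/ansible/roles/http/tasks/ssl.yml
@@ -0,0 +1,59 @@
+---
+- name: flush existing nginx https enabled sites
+become: true
+file:
+path: "/etc/nginx/sites-enabled/{{ item }}"
+state: absent
+with_items:
+- "{{ ci_server_name }}.https.conf"
+notify: restart_nginx
+tags: ssl
+
+- meta: flush_handlers
+tags: ssl
+
+- name: generate openssl dhparam for nginx
+become: true
+command: |
+openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
+args:
+creates: /etc/ssl/certs/dhparam.pem
+tags: ssl
+
+- name: create ssl certificate for ci server
+become: true
+command: |
+certbot certonly --webroot --webroot-path=/srv/http \
+-m {{ ci_server_email }} --agree-tos \
+-d {{ ci_server_name }}
+args:
+creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
+tags: ssl
+
+- name: check if certbot certificate was created
+become: true
+stat:
+path: "/etc/letsencrypt/live/{{ ci_server_name }}"
+register: stat_result
+tags: ssl
+
+- name: template nginx https sites-available
+become: true
+template:
+src: "templates/nginx/sites/{{ item }}.j2"
+dest: "/etc/nginx/sites-available/{{ item }}"
+with_items:
+- "{{ ci_server_name }}.https.conf"
+tags: ssl
+
+- name: enable desired nginx https sites
+become: true
+file:
+src: "/etc/nginx/sites-available/{{ item }}"
+dest: "/etc/nginx/sites-enabled/{{ item }}"
+state: link
+with_items:
+- "{{ ci_server_name }}.https.conf"
+notify: restart_nginx
+when: stat_result.stat.exists
+tags: ssl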
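Review bot: The `-dsaparam` flag in the "generate openssl dhparam for nginx" task makes OpenSSL emit DSA-style parameters instead of a safe prime, which is only sound if the server generates a fresh DH key for every handshake. Unless generation time is a real constraint, I would drop the flag: `openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048`. Because the task is guarded by `creates: /etc/ssl/certs/dhparam.pem`, hosts that already ran this role keep the old file until it is removed. Separately, the certbot task runs unattended but does not pass `--non-interactive`, so any prompt would fail or stall the play; adding it after `certonly` makes that explicit.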