63 lines
1.6 KiB
YAML
63 lines
1.6 KiB
YAML
---
|
|
- name: create nginx ssl directory
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{ nginx_path }}/etc/ssl"
|
|
owner: "{{ podman_user }}"
|
|
group: "{{ podman_user }}"
|
|
mode: 0644
|
|
state: directory
|
|
tags: https
|
|
|
|
- name: stat dhparam
|
|
become: true
|
|
ansible.builtin.stat:
|
|
path: "{{ nginx_path }}/etc/ssl/dhparam.pem"
|
|
register: dhparam
|
|
tags: https
|
|
|
|
- name: generate openssl dhparam for nginx
|
|
become: true
|
|
ansible.builtin.command: |
|
|
openssl dhparam -out {{ nginx_path }}/ssl/dhparam.pem 2048
|
|
when: not dhparam.stat.exists
|
|
args:
|
|
creates: "{{ nginx_path }}/ssl/dhparam.pem"
|
|
tags: https
|
|
|
|
- name: template nginx https sites-available
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "templates/nginx/sites/{{ item }}.j2"
|
|
dest: "{{ nginx_path }}/etc/sites-available/{{ item }}"
|
|
owner: "{{ podman_user }}"
|
|
group: "{{ podman_user }}"
|
|
mode: 0644
|
|
loop:
|
|
- "{{ ci_server_name }}.https.conf"
|
|
- "{{ parts_server_name }}.https.conf"
|
|
- "{{ photos_server_name }}.https.conf"
|
|
- "{{ bookstack_server_name }}.https.conf"
|
|
notify:
|
|
- restorecon podman
|
|
- restart nginx
|
|
tags: https
|
|
|
|
- name: enable desired nginx https sites
|
|
become: true
|
|
ansible.builtin.file:
|
|
src: "../sites-available/{{ item }}"
|
|
dest: "{{ nginx_path }}/etc/sites-enabled/{{ item }}"
|
|
owner: "{{ podman_user }}"
|
|
group: "{{ podman_user }}"
|
|
state: link
|
|
loop:
|
|
- "{{ ci_server_name }}.https.conf"
|
|
- "{{ parts_server_name }}.https.conf"
|
|
- "{{ photos_server_name }}.https.conf"
|
|
- "{{ bookstack_server_name }}.https.conf"
|
|
notify:
|
|
- restorecon podman
|
|
- restart nginx
|
|
tags: https
|