61 lines
1.4 KiB
YAML
61 lines
1.4 KiB
YAML
---
|
|
- name: flush existing nginx https enabled sites
|
|
become: true
|
|
file:
|
|
path: "/etc/nginx/sites-enabled/{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- "{{ ci_server_name }}.https.conf"
|
|
notify: restart_nginx
|
|
tags: ssl
|
|
|
|
- meta: flush_handlers
|
|
tags: ssl
|
|
|
|
- name: generate openssl dhparam for nginx
|
|
become: true
|
|
command: |
|
|
openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
|
|
args:
|
|
creates: /etc/ssl/certs/dhparam.pem
|
|
tags: ssl
|
|
|
|
- name: create ssl certificate for ci server
|
|
become: true
|
|
command: |
|
|
certbot certonly --webroot --webroot-path=/srv/http \
|
|
-m {{ ci_server_email }} --agree-tos \
|
|
-d {{ ci_server_name }}
|
|
args:
|
|
creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
|
|
tags: ssl
|
|
|
|
- name: check if certbot certificate was created
|
|
become: true
|
|
stat:
|
|
path: "/etc/letsencrypt/live/{{ ci_server_name }}"
|
|
register: stat_result
|
|
tags: ssl
|
|
|
|
- name: template nginx https sites-available
|
|
become: true
|
|
template:
|
|
src: "templates/nginx/sites/{{ item }}.j2"
|
|
dest: "/etc/nginx/sites-available/{{ item }}"
|
|
mode: 0644
|
|
with_items:
|
|
- "{{ ci_server_name }}.https.conf"
|
|
tags: ssl
|
|
|
|
- name: enable desired nginx https sites
|
|
become: true
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{ item }}"
|
|
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
|
state: link
|
|
with_items:
|
|
- "{{ ci_server_name }}.https.conf"
|
|
notify: restart_nginx
|
|
when: stat_result.stat.exists
|
|
tags: ssl
|