---
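# Create the directory that holds nginx TLS material; a later task in this
# file writes dhparam.pem into it.
- name: create nginx ssl directory
  become: true
  ansible.builtin.file:
    path: /etc/nginx/ssl
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string instead of
    # being re-typed by the YAML parser. A directory needs the search (x) bit
    # to be usable: 0644 would let non-root users list names without being
    # able to open anything inside, so 0700 takes away no file access and
    # keeps the directory root-only.
    # NOTE(review): use "0750" with a dedicated group if a non-root service
    # must read files here.
    mode: "0700"
    state: directory
  tags: ssl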
# Probe for existing DH parameters. The result is registered as `dhparam`
# and read by the `when:` condition of the generation task in this file.
- name: stat dhparam
  ansible.builtin.stat:
    path: /etc/nginx/ssl/dhparam.pem
  register: dhparam
  become: true
  tags: ssl
# Generate 2048-bit Diffie-Hellman parameters for nginx once. Both the
# registered stat result and `creates` skip the task when the file exists.
# NOTE(review): confirm 2048 bits meets the TLS policy for this host.
- name: generate openssl dhparam for nginx
  ansible.builtin.command:
    cmd: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    creates: /etc/nginx/ssl/dhparam.pem
  when: not dhparam.stat.exists
  become: true
  tags: ssl
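# Request a Let's Encrypt certificate for each server name through the
# webroot challenge. `creates` skips any name that already has a live
# directory, so the task is safe to re-run.
- name: create ssl certificate for ci server
  become: true
  ansible.builtin.command:
    # argv hands each templated value to certbot as exactly one argument, so
    # whitespace inside a variable cannot be split into additional arguments
    # and no backslash line continuations are needed.
    argv:
      - certbot
      - certonly
      # Ansible runs the command without a terminal; state it explicitly so
      # certbot never waits for input.
      - '--non-interactive'
      - '--webroot'
      - '--webroot-path=/srv/http/letsencrypt'
      - '-m'
      - "{{ ssl_email }}"
      - '--agree-tos'
      - '-d'
      - "{{ item }}"
    creates: "/etc/letsencrypt/live/{{ item }}"
  loop:
    - "{{ ci_server_name }}"
    - "{{ parts_server_name }}"
  tags: ssl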