Refactoring + SSL support

2026-02-24 09:03:29 +07:00 · 2016-01-11 18:20:42 +01:00
parent f64e1f1106
commit 49f11751e6
13 changed files with 186 additions and 89 deletions
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -0,0 +1,21 @@
+---
+
+- name: TEMPLATE | Deploy nginx.conf
+  template: >
+    src=etc/nginx/nginx.conf.j2
+    dest=/etc/nginx/nginx.conf
+  notify: reload nginx
+
+- name: TEMPLATE | Deploy all helpers
+  template: >
+    src={{ item }}
+    dest={{ nginx_helper_dir }}/{{ item | basename | regex_replace('\.j2$','') }}
+  with_fileglob: '../templates/etc/nginx/helper/*.j2'
+  notify: reload nginx
+
+- name: TEMPLATE | Deploy custom http configuration
+  template: >
+    src=etc/nginx/conf.d/custom.conf.j2
+    dest=/etc/nginx/conf.d/custom.conf
+  notify: reload nginx
+
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,13 @@
+---
+
+- name: APT | Install nginx and dependencies
+  apt: >
+    pkg={{ nginx_apt_package }}
+    state=present
+    update_cache=yes
+    cache_valid_time=3600
+    default_release={{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}
+
+- name: APT | Install python-passlib
+  apt: pkg=python-passlib state=present
+
--- a/tasks/legacy.yml
+++ b/tasks/legacy.yml
@@ -1,4 +0,0 @@
---
-
- name: FILE | Remove old directories
-  file: path=/etc/nginx/helpers state=absent
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,51 +1,13 @@
 ---

- name: APT | Install nginx and dependencies
-  apt: >
-    pkg={{ nginx_apt_package }}
-    state=present
-    update_cache=yes
-    cache_valid_time=3600
-    default_release={{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}
+- name: INCLUDE | Install
+  include: install.yml

- name: APT | Install python-passlib
-  apt: pkg=python-passlib state=present
+- name: INCLUDE | Prepare
+  include: prepare.yml

- name: SHELL | Get Nginx version
-  shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
-  register: nginx_version
-  changed_when: false
-
- name: TEMPLATE | Deploy nginx.conf
-  template: >
-    src=etc/nginx/nginx.conf.j2
-    dest=/etc/nginx/nginx.conf
-  notify: reload nginx
-
- name: INCLUDE | Fix legacy
-  include: legacy.yml
-
- name: FILE | Create folders
-  file: dest={{ item }} owner=root mode=0755 state=directory
-  with_items: "{{ nginx_dirs }}"
-
-#- name: COMMAND | Creates DH file
-#  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
-#  args:
-#    creates: "{{ nginx_dh_path }}"
-
- name: TEMPLATE | Deploy all helpers
-  template: >
-    src={{ item }}
-    dest={{ nginx_helper_dir }}/{{ item | basename | regex_replace('\.j2$','') }}
-  with_fileglob: '../templates/etc/nginx/helper/*.j2'
-  notify: reload nginx
-
- name: TEMPLATE | Deploy custom http configuration
-  template: >
-    src=etc/nginx/conf.d/custom.conf.j2
-    dest=/etc/nginx/conf.d/custom.conf
-  notify: reload nginx
+- name: INCLUDE | Install
+  include: config.yml

 - name: INCLUDE | Upstream configuration
  include: upstream.yml
@@ -54,6 +16,9 @@
 - name: INCLUDE | htpasswd configuration
  include: htpasswd.yml

+- name: INCLUDE | Vhosts configuration
+  include: ssl.yml
+
 - name: INCLUDE | Vhosts configuration
  include: vhost.yml

--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -0,0 +1,11 @@
+---
+
+- name: SHELL | Get Nginx version
+  shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
+  register: nginx_version
+  changed_when: false
+
+- name: FILE | Create folders
+  file: dest={{ item }} owner=root mode=0755 state=directory
+  with_items: "{{ nginx_dirs }}"
+
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -0,0 +1,33 @@
+---
+
+- name: COMMAND | Creates DH file
+  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
+  args:
+    creates: "{{ nginx_dh_path }}"
+
+- name: FILE | Create SSL directories
+  file: >
+    path="{{ nginx_ssl_dir + '/' + item.name }}"
+    state=directory
+  with_items: nginx_ssl_pairs
+
+- name: COPY | Deploy SSL keys
+  copy: >
+    content="{{ item.key }}"
+    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' }}"
+  with_items: nginx_ssl_pairs
+  notify: reload nginx
+
+- name: COPY | Deploy SSL certs
+  copy: >
+    content="{{ item.cert }}"
+    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' }}"
+  with_items: nginx_ssl_pairs
+  notify: reload nginx
+
+#- name: FAIL | Missmatch vhost SSL configuration
+#  fail: msg="FUCK {{ item.name }}"
+#
+#
+#
+#  nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key'
--- a/tasks/vhost.yml
+++ b/tasks/vhost.yml
@@ -69,19 +69,3 @@
  notify: reload nginx
  when: (item.enable is defined and not item.enable) or (item.delete is defined and item.delete)

-#- name: FILE | Create ssl dir per vhost (if needed)
-#  file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory
-#  with_items: nginx_vhosts
-#  when: item.ssl.use is defined and item.ssl.use
-
-# TODO...
-#- name: COPY | Deploy SSL keys if needed
-#  copy: src=keys/{{ item.name }}/{{ item.name }}.crt dest=/etc/nginx/ssl/{{ item.name }} mode=660
-#  copy: src=keys/{{ item.name }}/{{ item.name }}.key dest=/etc/nginx/ssl/{{ item.name }} mode=660
-#  with_items: nginx_vhosts
-#  when: item.ssl.use and not generatekey
-
-# TODO:
-# - deploy defaults files (index.html/index.php) allready in files/
-# - work with role "ssl_autosign"
-