mirror of
https://github.com/HanXHX/ansible-nginx.git
synced 2026-04-09 12:42:10 +07:00
Fix Ansible Lint
This commit is contained in:
Emilien Mantel
@@ -1,18 +1,18 @@
|
||||
---
|
||||
|
||||
- name: SET_FACT | Assign default...
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
acme_create: []
|
||||
|
||||
- name: STAT | Check if certificates are already installed
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||
loop: "{{ nginx_ssl_pairs }}"
|
||||
when: item.acme is defined and item.acme
|
||||
register: acme_installed_certs
|
||||
|
||||
- name: SET_FACT | Assign var with certificates to create
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
|
||||
loop: "{{ acme_installed_certs.results }}"
|
||||
when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0)
|
||||
@@ -21,7 +21,7 @@
|
||||
block:
|
||||
|
||||
- name: TEMPLATE | Create fake site
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
|
||||
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||||
mode: 0644
|
||||
@@ -31,26 +31,26 @@
|
||||
register: fake_site
|
||||
|
||||
- name: FILE | Delete current site if needed
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
|
||||
state: absent
|
||||
loop: "{{ acme_create }}"
|
||||
when: fake_site.changed
|
||||
|
||||
- name: SERVICE | Restart nginx
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
when: fake_site.changed and ansible_virtualization_type != 'docker'
|
||||
|
||||
- name: COMMAND | Restart nginx
|
||||
command: service nginx restart
|
||||
ansible.builtin.command: service nginx restart
|
||||
args:
|
||||
warn: false
|
||||
when: fake_site.changed and ansible_virtualization_type == 'docker'
|
||||
|
||||
- name: COMMAND | Get certificates
|
||||
command: |
|
||||
ansible.builtin.command: |
|
||||
{{ nginx_acmesh_bin }}
|
||||
--home {{ nginx_acmesh_dir }}
|
||||
--issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %}
|
||||
@@ -64,12 +64,12 @@
|
||||
no_log: "{{ not nginx_debug_role }}"
|
||||
|
||||
- name: FILE | Create SSL dir per site
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
|
||||
loop: "{{ acme_create }}"
|
||||
|
||||
- name: COMMAND | Install certificates
|
||||
command: |
|
||||
ansible.builtin.command: |
|
||||
{{ nginx_acmesh_bin }}
|
||||
--home {{ nginx_acmesh_dir }}
|
||||
--install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }}
|
||||
@@ -85,17 +85,17 @@
|
||||
rescue:
|
||||
|
||||
- name: FAIL | Explicit
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: "Something is bad... Auto crash!"
|
||||
|
||||
always:
|
||||
|
||||
- name: FILE | Delete fake sites
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||||
state: absent
|
||||
loop: "{{ acme_create }}"
|
||||
notify: restart nginx
|
||||
|
||||
- name: META | Flush handlers
|
||||
meta: flush_handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
@@ -3,26 +3,26 @@
|
||||
- block:
|
||||
|
||||
- name: STAT | Get info about DH file
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ nginx_dh_path }}"
|
||||
get_checksum: false
|
||||
register: stat_dh_file
|
||||
|
||||
- name: SHELL | Get info about DH file
|
||||
shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
|
||||
ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
|
||||
changed_when: false
|
||||
register: dh_info
|
||||
when: stat_dh_file.stat.exists
|
||||
|
||||
- name: COMMAND | Generate DH file
|
||||
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
|
||||
ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
|
||||
when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
|
||||
notify: restart nginx
|
||||
|
||||
when: nginx_dh is not string
|
||||
|
||||
- name: COPY | Deploy DH file from vars
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ nginx_dh }}"
|
||||
dest: "{{ nginx_dh_path }}"
|
||||
owner: root
|
||||
@@ -32,7 +32,7 @@
|
||||
notify: restart nginx
|
||||
|
||||
- name: FILE | Create SSL directories
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
|
||||
state: directory
|
||||
owner: root
|
||||
@@ -43,7 +43,7 @@
|
||||
no_log: "{{ not nginx_debug_role }}"
|
||||
|
||||
- name: COPY | Deploy SSL keys
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ item.key }}"
|
||||
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
|
||||
owner: root
|
||||
@@ -55,7 +55,7 @@
|
||||
no_log: "{{ not nginx_debug_role }}"
|
||||
|
||||
- name: COPY | Deploy SSL certs
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ item.cert }}"
|
||||
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||
owner: root
|
||||
@@ -67,7 +67,7 @@
|
||||
no_log: "{{ not nginx_debug_role }}"
|
||||
|
||||
- name: COMMAND | Create self-signed certificates
|
||||
command: |
|
||||
ansible.builtin.command: |
|
||||
openssl req
|
||||
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
|
||||
-subj '/CN={{ item | nginx_site_name }}'
|
||||
|
||||
Reference in New Issue
Block a user