diff --git a/filter_plugins/nginx.py b/filter_plugins/nginx.py
index 45d103c..837c360 100644
--- a/filter_plugins/nginx.py
+++ b/filter_plugins/nginx.py
@@ -10,11 +10,29 @@ def nginx_site_name(site):
 else:
 return site['name']
+def nginx_ssl_dir(pair, ssl_dir):
+ return ssl_dir + '/' + nginx_site_filename(pair)
+
+def nginx_key_path(pair, ssl_dir):
+ if pair.has_key('dest_key'):
+ return pair['dest_key']
+ else:
+ return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.key'
+
+def nginx_cert_path(pair, ssl_dir):
+ if pair.has_key('dest_cert'):
+ return pair['dest_cert']
+ else:
+ return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.crt'
+
 class FilterModule(object):
 ''' Nginx module '''
 def filters(self):
 return {
 'nginx_site_filename': nginx_site_filename,
- 'nginx_site_name': nginx_site_name
+ 'nginx_site_name': nginx_site_name,
+ 'nginx_ssl_dir': nginx_ssl_dir,
+ 'nginx_key_path': nginx_key_path,
+ 'nginx_cert_path': nginx_cert_path
 }
diff --git a/tasks/ssl/standard.yml b/tasks/ssl/standard.yml
index 5c65d6d..e02c0c7 100644
--- a/tasks/ssl/standard.yml
+++ b/tasks/ssl/standard.yml
@@ -30,7 +30,7 @@
 - name: FILE | Create SSL directories
 file:
- path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
+ path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
 state: directory
 loop: "{{ nginx_ssl_pairs }}"
 when: item.dest_key is not defined or item.dest_cert is not defined
@@ -39,7 +39,7 @@
 - name: COPY | Deploy SSL keys
 copy:
 content: "{{ item.key }}"
- dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
+ dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
 mode: 0640
 loop: "{{ nginx_ssl_pairs }}"
 when: item.key is defined
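Review bot: `pair.has_key('dest_key')` in nginx_key_path and `pair.has_key('dest_cert')` in nginx_cert_path in filter_plugins/nginx.py only work on Python 2. Assuming `pair` is a plain dict, `has_key` does not exist on Python 3, so on a Python 3 controller every task and template that calls these filters fails with an AttributeError. Use the membership test instead: `if 'dest_key' in pair:` and `if 'dest_cert' in pair:`. The three new helpers also have no docstring; a one-line docstring on each, stating that `dest_key`/`dest_cert` override the default `<ssl_dir>/<filename>/<filename>.key|.crt` layout, would record the rule the templates used to spell out inline.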
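Review bot: The path in "Create SSL directories" (hunk `@@ -30,7`) was built from `item | nginx_site_name`, but the new `nginx_ssl_dir` filter builds it from `nginx_site_filename(pair)`, so the directory moves for any pair where the two helpers return different values. The body of nginx_site_filename is not in this diff, so whether they can differ needs confirming. If they can, hosts that already hold certificates under the old directory get a new, empty one, and the self-signed task at `@@ -61,11` still puts `nginx_site_name` in the CN while writing to the filename-based path. The same substitution reaches the `.key`/`.crt` destinations at `@@ -39,7` and `@@ -49,7` and the `ssl` macro in _base.j2, which previously used `ssl_name`. If the move is intended, state it in the commit message; otherwise have the helper call `nginx_site_name(pair)`.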
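Review bot: "Deploy SSL keys" (hunk `@@ -39,7`) loops over `nginx_ssl_pairs` and writes `item.key`, so Ansible includes each loop item, private key included, in the task output and in any log or callback that records it, unless that is suppressed. The task continues past the last line of the hunk, so check there first; if nothing is set, add `no_log: true` to this task to keep key material out of run logs. The same applies to any other task that loops over pairs carrying `key`.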
@@ -49,7 +49,7 @@
 - name: COPY | Deploy SSL certs
 copy:
 content: "{{ item.cert }}"
- dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
+ dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
 mode: 0644
 loop: "{{ nginx_ssl_pairs }}"
 when: item.cert is defined
@@ -61,11 +61,11 @@
 openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}'
- -keyout {{ item | nginx_site_name + '.key' }}
- -out {{ item | nginx_site_name + '.crt' }}
+ -keyout {{ item | nginx_key_path(nginx_ssl_dir) }}
+ -out {{ item | nginx_cert_path(nginx_ssl_dir) }}
 args:
- chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
- creates: "{{ '/tmp/dummy' if item.force is defined and item.force else nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}"
+ chdir: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
+ creates: "{{ '/tmp/dummy' if item.force is defined and item.force else item | nginx_cert_path(nginx_ssl_dir) }}"
 loop: "{{ nginx_ssl_pairs }}"
 when: item.self_signed is defined
 notify: restart nginx
diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index 4c9a5f2..6e435cf 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
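Review bot: In the self-signed task (hunk `@@ -61,11`), `-keyout` and `-out` now receive a full path that can be the inventory-supplied `dest_key`/`dest_cert`, and both are interpolated into the openssl command line unquoted. A path containing a space or a shell metacharacter is then split or interpreted instead of being passed as one argument. Pipe both through the `quote` filter: `-keyout {{ item | nginx_key_path(nginx_ssl_dir) | quote }}` and `-out {{ item | nginx_cert_path(nginx_ssl_dir) | quote }}`. The module line of this task is above the hunk, so whether it runs through `shell` or `command` is not visible here; the quoting is correct for either.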
@@ -41,8 +41,8 @@
 {%- endmacro %}
 {% macro ssl(ssl_name) %}
 {% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
- ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' if sn.dest_cert is not defined else sn.dest_cert }};
- ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
+ ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
+ ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
 {% endfor %}
 {%- endmacro %}
 {% macro httpsredirect(name) %}