radityo/ansible-nginx
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-nginx.git synced 2026-04-09 12:42:10 +07:00
Code Issues Projects Releases Wiki Activity

Compat with modern ansible versions

Browse Source
This commit is contained in:
Emilien Mantel
2019-02-04 21:25:25 +01:00
parent 8218e5c972
commit c399bf35b5
11 changed files with 48 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tasks/ssl/acme.yml
View File

@@ -7,28 +7,28 @@
- name: STAT | Check if certificates are already installed
stat:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme
register: acme_installed_certs
- name: SET_FACT | Assign var with certificates to create
set_fact:
acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
with_items: "{{ acme_installed_certs.results }}"
loop: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and not item.stat.exists
- name: TEMPLATE | Create fake site
template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
with_items: "{{ acme_create }}"
loop: "{{ acme_create }}"
register: fake_site
- name: FILE | Delete current site if needed
file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent
with_items: "{{ acme_create }}"
loop: "{{ acme_create }}"
when: fake_site.changed
- name: SERVICE | Restart nginx
@@ -47,7 +47,7 @@
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
args:
creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
with_items: "{{ acme_create }}"
loop: "{{ acme_create }}"
register: acme_get
failed_when: acme_get.rc != 0 and acme_get.rc != 2
no_log: not nginx_debug_role
@@ -55,13 +55,13 @@
- name: FILE | Create SSL dir per site
file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
with_items: "{{ acme_create }}"
loop: "{{ acme_create }}"
- name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme
notify: restart nginx
@@ -69,4 +69,4 @@
file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent
with_items: "{{ acme_create }}"
loop: "{{ acme_create }}"

8
tasks/ssl/main.yml
View File

@@ -1,8 +1,8 @@
---
- name: INCLUDE | standard.yml
include: standard.yml
- name: IMPORT_TASKS | standard.yml
import_tasks: standard.yml
- name: INCLUDE | acme.yml
include: acme.yml
- name: IMPORT_TASKS | acme.yml
import_tasks: acme.yml
when: nginx_acmesh

8
tasks/ssl/standard.yml
View File

@@ -20,7 +20,7 @@
file:
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
state: directory
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.dest_key is not defined or item.dest_cert is not defined
no_log: not nginx_debug_role
@@ -29,7 +29,7 @@
content: "{{ item.key }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
mode: 0640
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.key is defined
notify: restart nginx
no_log: not nginx_debug_role
@@ -39,7 +39,7 @@
content: "{{ item.cert }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
mode: 0644
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.cert is defined
notify: restart nginx
no_log: not nginx_debug_role
@@ -49,7 +49,7 @@
args:
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
with_items: "{{ nginx_ssl_pairs }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.self_signed is defined
notify: restart nginx
no_log: not nginx_debug_role