---
# Ensure the directory that holds dehydrated's deploy_cert hook scripts exists.
# No owner or mode is set, so a newly created directory takes the defaults of
# the user the task runs as.
# NOTE(review): scripts placed here are presumably executed by dehydrated
# after issuance - confirm that only root can write to this directory.
- name: Create dehydrated hook dir
  file:
    path: /etc/dehydrated/hooks_deploy_cert.d/
    state: directory
  tags: web
# Install the role file dehydrated_deploy_hook as 11nginx.sh in the hook dir.
# The mode is quoted so Ansible receives the string "755" and converts it as
# octal itself; an unquoted 755 in native YAML would be a decimal integer.
# NOTE(review): owner/group are not pinned - confirm the installed script ends
# up root-owned, since mode 755 leaves it executable by every local user.
- name: Deploy dehydrated deploy hook
  copy:
    src: dehydrated_deploy_hook
    dest: /etc/dehydrated/hooks_deploy_cert.d/11nginx.sh
    mode: "755"
  tags: web
# Record whether fullchain.pem already exists for the default vhost's
# certificate name. Skipped entirely when nginx_letsencrypt_cert is unset,
# in which case the registered result carries no "stat" key.
- name: Check if Let's Encrypt cert for the default vhost exists
  stat:
    path: "/var/lib/dehydrated/certificates/certs/{{ nginx_letsencrypt_cert }}/fullchain.pem"
  register: nginx_letsencrypt_default_cert
  when: nginx_letsencrypt_cert is defined
  tags: web
# Make sure the per-certificate directory for the default vhost exists.
# The directory will hold privkey.pem (or a link to it) and is created without
# an explicit owner or mode.
# NOTE(review): confirm the resulting permissions are tight enough for a
# directory that exposes private key material.
- name: Create directory for the default certificate
  file:
    path: "/var/lib/dehydrated/certificates/certs/{{ nginx_letsencrypt_cert }}/"
    state: directory
  when: nginx_letsencrypt_cert is defined
  tags: web
# Placeholder for the default vhost: when no fullchain.pem was found, symlink
# fullchain.pem -> /etc/nginx/ssl/cert.pem and privkey.pem -> /etc/nginx/ssl/key.pem.
# The three conditions are ANDed; the middle one guards against the stat task
# having been skipped (no "stat" key in the registered result).
# NOTE(review): the source paths are hard-coded here, while the per-vhost
# placeholder tasks in this file use nginx_cert_path / nginx_key_path -
# confirm both refer to the same default certificate and key.
- name: Link certificate to the self signed default one
  file:
    src: "/etc/nginx/ssl/{{ item.src }}.pem"
    dest: "/var/lib/dehydrated/certificates/certs/{{ nginx_letsencrypt_cert }}/{{ item.dest }}.pem"
    state: link
  with_items:
    - {src: cert, dest: fullchain}
    - {src: key, dest: privkey}
  when:
    - nginx_letsencrypt_cert is defined
    - nginx_letsencrypt_default_cert.stat is defined
    - not nginx_letsencrypt_default_cert.stat.exists
  tags: web
# For every vhost that names an explicit Let's Encrypt certificate, record
# whether its fullchain.pem is already present. Vhosts without
# ssl.letsencrypt_cert are skipped and their result entries have no "stat" key.
# NOTE(review): the certificate name is interpolated straight into a
# filesystem path - presumably inventory-controlled; confirm it cannot contain
# "/" or "..".
- name: Check if Let's Encrypt's cert exist
  stat:
    path: "/var/lib/dehydrated/certificates/certs/{{ item.ssl.letsencrypt_cert }}/fullchain.pem"
  register: nginx_letsencrypt_certs
  with_items: "{{ nginx_vhosts }}"
  when: item.ssl.letsencrypt_cert is defined
  tags: web
# Create the certificate directory for each vhost whose fullchain.pem was not
# found. item is one entry of the registered stat results; item.item is the
# original vhost definition that produced it.
# No owner or mode is given, so the directory gets the running user's defaults.
- name: Create directories for missing Let's Encrypt cert
  file:
    path: "/var/lib/dehydrated/certificates/certs/{{ item.item.ssl.letsencrypt_cert }}"
    state: directory
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web
# Placeholder certificate: for each vhost without a fullchain.pem, symlink it
# to nginx_cert_path. Entries from skipped stat iterations (no "stat" key) are
# ignored.
# NOTE(review): until a real certificate replaces the link, the vhost serves
# whatever nginx_cert_path points at - presumably the self-signed default.
- name: Link missing Let's Encrypt cert to the default one
  file:
    src: "{{ nginx_cert_path }}"
    dest: "/var/lib/dehydrated/certificates/certs/{{ item.item.ssl.letsencrypt_cert }}/fullchain.pem"
    state: link
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web
# Placeholder key: for each vhost without a fullchain.pem, symlink privkey.pem
# to nginx_key_path, so every such vhost shares the one default private key.
# NOTE(review): confirm that issuance replaces this symlink rather than writing
# through it, which would overwrite the shared default key.
- name: Link missing Let's Encrypt key to the default one
  file:
    src: "{{ nginx_key_path }}"
    dest: "/var/lib/dehydrated/certificates/certs/{{ item.item.ssl.letsencrypt_cert }}/privkey.pem"
    state: link
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web
# Auto-certificate pass: for vhosts that define neither ssl.cert nor
# ssl.letsencrypt_cert, and only while nginx_auto_letsencrypt_cert is truthy,
# record whether a fullchain.pem named after the vhost already exists.
# This reuses the register name of the explicit-certificate check in this
# file, so the earlier results are overwritten from here on.
# The condition stays a single expression on purpose: splitting it into a list
# would turn the trailing bare variable into its own conditional.
# NOTE(review): item.name becomes a path component - confirm vhost names
# cannot contain "/" or "..".
- name: Check if Let's Encrypt's cert exist (auto certificates)
  stat:
    path: "/var/lib/dehydrated/certificates/certs/{{ item.name }}/fullchain.pem"
  register: nginx_letsencrypt_certs
  with_items: "{{ nginx_vhosts }}"
  when: item.ssl.cert is not defined and item.ssl.letsencrypt_cert is not defined and nginx_auto_letsencrypt_cert
  tags: web
# Create the certificate directory, named after the vhost, for each
# auto-certificate vhost whose fullchain.pem was not found. item.item is the
# vhost definition behind each registered stat result.
# No owner or mode is given, so the directory gets the running user's defaults.
- name: Create directories for missing Let's Encrypt cert (auto certificates)
  file:
    path: "/var/lib/dehydrated/certificates/certs/{{ item.item.name }}"
    state: directory
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web
# Placeholder certificate for auto-certificate vhosts: symlink fullchain.pem
# in the vhost-named directory to nginx_cert_path when no certificate was
# found. Entries from skipped stat iterations (no "stat" key) are ignored.
# NOTE(review): until a real certificate replaces the link, the vhost serves
# whatever nginx_cert_path points at - presumably the self-signed default.
- name: Link missing Let's Encrypt cert to the default one (auto certificates)
  file:
    src: "{{ nginx_cert_path }}"
    dest: "/var/lib/dehydrated/certificates/certs/{{ item.item.name }}/fullchain.pem"
    state: link
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web
# Placeholder key for auto-certificate vhosts: symlink privkey.pem in the
# vhost-named directory to nginx_key_path, so these vhosts share the one
# default private key.
# NOTE(review): confirm that issuance replaces this symlink rather than writing
# through it, which would overwrite the shared default key.
- name: Link missing Let's Encrypt key to the default one (auto certificates)
  file:
    src: "{{ nginx_key_path }}"
    dest: "/var/lib/dehydrated/certificates/certs/{{ item.item.name }}/privkey.pem"
    state: link
  with_items: "{{ nginx_letsencrypt_certs.results }}"
  when:
    - item.stat is defined
    - not item.stat.exists
  tags: web