From cee696e3d272e99fd808aa8f05814412780f8228 Mon Sep 17 00:00:00 2001 From: Guillaume Dott Date: Mon, 18 Apr 2022 01:41:41 +0200 Subject: [PATCH] First commit --- defaults/main.yml | 3 +++ handlers/main.yml | 5 +++++ tasks/main.yml | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 tasks/main.yml diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..7a6a3aa --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,3 @@ +--- +use_certbot: true +nginx_conf_filename: "{{ nginx_conf_file | basename }}" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..c183660 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart nginx + service: + name: nginx + state: reloaded diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..c705a4c --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,57 @@ +--- +- name: Install openssl and certbot + apt: + name: + - openssl + - ssl-cert + - certbot + - python3-certbot-nginx + +- name: Add nginx configuration + template: + src: "{{ nginx_conf_file }}" + dest: "/etc/nginx/sites-available/{{ nginx_conf_filename }}" + notify: Restart nginx + when: nginx_conf_file is defined + +- name: Check certbot certificate + stat: + path: /etc/letsencrypt/renewal/{{ nginx_domain }}.conf + register: certbot_renewal_conf + +- when: use_certbot and not certbot_renewal_conf.stat.exists + block: + - name: Modify SSL certificate to use self-signed certificate + lineinfile: + path: "/etc/nginx/sites-available/{{ nginx_conf_filename }}" + regexp: '^(\s+)ssl_certificate ' + line: ' ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;' + + - name: Modify SSL key to use self-signed key + lineinfile: + path: "/etc/nginx/sites-available/{{ nginx_conf_filename }}" + regexp: '^(\s+)ssl_certificate_key ' + line: ' ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;' + +- name: Enable nginx configuration + file: + src: "/etc/nginx/sites-available/{{ nginx_conf_filename }}" + dest: "/etc/nginx/sites-enabled/{{ nginx_conf_filename }}" + state: link + notify: Restart nginx + when: nginx_conf_file is defined + +- name: Force all notified handlers to run at this point, not waiting for normal sync points + meta: flush_handlers + +- when: use_certbot == true and not certbot_renewal_conf.stat.exists + block: + - name: Generate certbot certificate + command: "certbot certonly --nginx -n --agree-tos -m dev@lafourmi-immo.com -d {{ nginx_domain }}" + + - name: Add nginx configuration + template: + src: "{{ nginx_conf_file }}" + dest: "/etc/nginx/sites-available/{{ nginx_conf_filename }}" + notify: Restart nginx + when: nginx_conf_file is defined