diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bee8a64
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+__pycache__
diff --git a/filter_plugins/filters.py b/filter_plugins/filters.py
new file mode 100755
index 0000000..017d401
--- /dev/null
+++ b/filter_plugins/filters.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+class FilterModule(object):
+ def filters(self):
+ return {
+ 'nginx_vhosts_to_certificates': self.nginx_vhosts_to_certificates
+ }
+
+ def nginx_vhosts_to_certificates(self, vhosts):
+ certs = {}
+ for i in vhosts.keys():
+ if not vhosts[i]['letsencrypt']:
+ continue
+ certs['nginx_'+i] = {
+ 'backend': 'letsencrypt',
+ 'san': vhosts[i]['servername']
+ }
+ return certs
diff --git a/meta/main.yml b/meta/main.yml
index 3197455..5ea5471 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -2,3 +2,4 @@
 dependencies:
 - { role: monitoring, when: nginx.monitoring }
 - { role: pki-server, when: nginx.serverpki }
+ - certificates
diff --git a/tasks/main.yml b/tasks/main.yml
index 31f247d..59ee353 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,6 +5,9 @@
 - delete nginx index.nginx-debian.html
 - restart nginx
+- name: debugnginx
+ debug: var=certificates
+
 - name: copy configs
 copy:
 src: config/
diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2
index e6c1a89..840265b 100644
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@@ -61,8 +61,8 @@ server {
 {% endfor %}
 {% if vhost.letsencrypt|d(False) %}
- ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
- ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
+ ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
+ ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
 ssl_stapling_verify on;
 ssl_stapling on;
 {% endif %}
diff --git a/vars/main.yml b/vars/main.yml
index 8c06b43..5540178 100644
--- a/vars/main.yml
+++ b/vars/main.yml
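Review bot: In filter_plugins/filters.py, `vhosts[i]['letsencrypt']` raises KeyError for any vhost that omits the key, while templates/vhost.conf.j2 treats the same flag as optional with `vhost.letsencrypt|d(False)`, so a single vhost without it would abort evaluation of `certificates.certs` for the whole host. Iterating with `for name, vhost in vhosts.items():` and testing `if not vhost.get('letsencrypt', False): continue` keeps the filter and the template in agreement. `vhosts[i]['servername']` is passed through as `san` unchecked; if it can carry several space-separated names the way nginx's server_name does, confirm the certificates role accepts that form. The method would also benefit from a one-line docstring stating the expected vhost mapping and that the returned keys are `nginx_<vhost>`.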
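Review bot: The `debugnginx` task added in tasks/main.yml looks like a development leftover: it prints the whole `certificates` variable on every run of the role. Either drop it before merging or limit it to verbose runs, e.g. `debug: var=certificates verbosity=2`. The `copy configs` task that follows it continues past the end of the hunk.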
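Review bot: The two new paths in templates/vhost.conf.j2 hard-code the `nginx_` prefix that filter_plugins/filters.py builds independently as `'nginx_'+i`, and both rely on the file names the certificates role writes (`.chain.crt`, `private/<name>.key`), which this diff does not show. If either side is renamed, nginx is left pointing at a missing certificate file and will refuse to load the configuration. A template comment above the directives, such as `{# file names must match the 'nginx_<vhost>' cert key from nginx_vhosts_to_certificates #}`, would record the coupling; hosts that still hold the old `letsencrypt_*` files may also need a cleanup step. The enclosing `server {` block starts and ends outside the hunk.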
@@ -3,3 +3,6 @@ monitoring:
 checks:
 local:
 nginx_status: {}
+
+certificates:
+ certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
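Review bot: Defining the top-level `certificates` mapping in vars/main.yml replaces it wholesale, because role vars outrank inventory, group_vars and host_vars; any `certificates.certs` entries a host declares for other services would presumably be hidden whenever this role is applied. If the certificates role is shared, consider scoping the value to the dependency in meta/main.yml instead, e.g. `- { role: certificates, certificates: { certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}" } }`, or merging with the existing mapping via `combine`. The certificates role's interface is not visible here, so confirm which form it expects.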