From 53a4544ba18aaf73544181f9012e57394e1a8311 Mon Sep 17 00:00:00 2001
From: nd
Date: Fri, 1 Nov 2019 20:02:41 +0100
Subject: [PATCH] use certificates role instead of letsencrypt role
---
 .gitignore | 1 +
 filter_plugins/filters.py | 17 +++++++++++++++++
 meta/main.yml | 1 +
 tasks/main.yml | 3 +++
 templates/vhost.conf.j2 | 4 ++--
 vars/main.yml | 3 +++
 6 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100755 filter_plugins/filters.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bee8a64
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+__pycache__
diff --git a/filter_plugins/filters.py b/filter_plugins/filters.py
new file mode 100755
index 0000000..017d401
--- /dev/null
+++ b/filter_plugins/filters.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+class FilterModule(object):
+ def filters(self):
+ return {
+ 'nginx_vhosts_to_certificates': self.nginx_vhosts_to_certificates
+ }
+
+ def nginx_vhosts_to_certificates(self, vhosts):
+ certs = {}
+ for i in vhosts.keys():
+ if not vhosts[i]['letsencrypt']:
+ continue
+ certs['nginx_'+i] = {
+ 'backend': 'letsencrypt',
+ 'san': vhosts[i]['servername']
+ }
+ return certs
diff --git a/meta/main.yml b/meta/main.yml
index 3197455..5ea5471 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -2,3 +2,4 @@ dependencies: - { role: monitoring, when: nginx.monitoring } - { role: pki-server, when: nginx.serverpki } + - certificates
diff --git a/tasks/main.yml b/tasks/main.yml
index 31f247d..59ee353 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,6 +5,9 @@ - delete nginx index.nginx-debian.html - restart nginx +- name: debugnginx + debug: var=certificates + - name: copy configs copy: src: config/
diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2
index e6c1a89..840265b 100644
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
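Review bot: `vhosts[i]['letsencrypt']` in `nginx_vhosts_to_certificates` raises KeyError for any vhost that omits the key, while templates/vhost.conf.j2 in this same patch treats it as optional with `vhost.letsencrypt|d(False)`. Use `if not vhosts[i].get('letsencrypt', False):` so the filter and the template agree on which vhosts get a certificate, and iterate with `for name, vhost in vhosts.items():` instead of re-indexing the dict. `san` is copied from `servername` without any check; whether the certificates role expects a string or a list is not visible here, so a short docstring stating the expected vhost shape and the returned mapping would help.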
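Review bot: The added `debugnginx` task in tasks/main.yml looks like a development leftover: it prints the whole `certificates` variable on every run into console output and any log that captures it. Within this patch the variable holds only certificate names and SANs, but other roles or inventory may add to the same variable, so dumping it unconditionally is best avoided. Drop the task, or gate it with `debug: var=certificates verbosity=2` so it only prints under `-vv`. The rest of the task list lies outside the hunk.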
@@ -61,8 +61,8 @@ server { {% endfor %} {% if vhost.letsencrypt|d(False) %} - ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt; - ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key; + ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt; + ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key; ssl_stapling_verify on; ssl_stapling on; {% endif %}
diff --git a/vars/main.yml b/vars/main.yml
index 8c06b43..5540178 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -3,3 +3,6 @@ monitoring:
 checks:
 local:
 nginx_status: {}
+
+certificates:
+ certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
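Review bot: The new `ssl_certificate` and `ssl_certificate_key` paths hard-code the `nginx_` prefix and the `.chain.crt` / `.key` suffixes, which must match both the `'nginx_'+i` key built in filter_plugins/filters.py and the file names the certificates role writes (that role is not part of this patch). Nothing ties these together, so a change in either place leaves nginx pointing at a missing file and failing its configuration check on restart. A comment above the two lines, e.g. `{# file names follow the certificates.certs keys: nginx_<vhost_name> #}`, would document the coupling. Hosts migrated from the letsencrypt role will presumably also keep the old `letsencrypt_*` key files under /etc/ssl/private until they are cleaned up. The server block starts and ends outside the hunk.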
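Review bot: Defining `certificates` in the role's vars/main.yml gives it role-vars precedence, above inventory and play vars, and Ansible replaces dictionaries rather than merging them by default. Any `certificates.certs` entries set elsewhere for the same host (inventory, or another role that also needs certificates) would presumably be overridden by this nginx-only mapping. If the certificates role is meant to be shared, consider a role-specific variable name or an explicit `combine` with the existing value. A comment such as `# consumed by the certificates role; built from nginx.vhosts` would also help.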