use certificates role instead of letsencrypt role

2019-11-01 20:02:41 +01:00 · 2019-11-01 20:02:41 +01:00 · 53a4544ba1
commit 53a4544ba1
parent f79fec1356
6 changed files with 27 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 __pycache__
--- a/filter_plugins/filters.py
+++ b/filter_plugins/filters.py
@ -0,0 +1,17 @@
 #!/usr/bin/env python3
 class FilterModule(object):
 	def filters(self):
 		return {
 				'nginx_vhosts_to_certificates': self.nginx_vhosts_to_certificates
 			}
 	def nginx_vhosts_to_certificates(self, vhosts):
 		certs = {}
 		for i in vhosts.keys():
 			if not vhosts[i]['letsencrypt']:
 				continue
 			certs['nginx_'+i] = {
 					'backend': 'letsencrypt',
 					'san': vhosts[i]['servername']
 				}
 		return certs
--- a/meta/main.yml
+++ b/meta/main.yml
@ -2,3 +2,4 @@
 dependencies:
  - { role: monitoring, when: nginx.monitoring }
  - { role: pki-server, when: nginx.serverpki }
  - certificates
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,6 +5,9 @@
  - delete nginx index.nginx-debian.html
  - restart nginx
 - name: debugnginx
  debug: var=certificates
 - name: copy configs
  copy: 
    src: config/ 
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@ -61,8 +61,8 @@ server {
 	{% endfor %}
 	{% if vhost.letsencrypt|d(False) %}
-		ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
+		ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
-		ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
+		ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
 		ssl_stapling_verify on;
 		ssl_stapling on;
 	{% endif %}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -3,3 +3,6 @@ monitoring:
  checks:
    local:
      nginx_status: {}
 certificates:
  certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"