use certificates role instead of letsencrypt role

2019-11-01 20:02:41 +01:00 · 2019-11-01 20:02:41 +01:00 · 53a4544ba1
commit 53a4544ba1
parent f79fec1356
6 changed files with 27 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+__pycache__
--- a/filter_plugins/filters.py
+++ b/filter_plugins/filters.py
@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+class FilterModule(object):
+	def filters(self):
+		return {
+				'nginx_vhosts_to_certificates': self.nginx_vhosts_to_certificates
+			}
+
+	def nginx_vhosts_to_certificates(self, vhosts):
+		certs = {}
+		for i in vhosts.keys():
+			if not vhosts[i]['letsencrypt']:
+				continue
+			certs['nginx_'+i] = {
+					'backend': 'letsencrypt',
+					'san': vhosts[i]['servername']
+				}
+		return certs
--- a/meta/main.yml
+++ b/meta/main.yml
@ -2,3 +2,4 @@
 dependencies:
  - { role: monitoring, when: nginx.monitoring }
  - { role: pki-server, when: nginx.serverpki }
+  - certificates
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,6 +5,9 @@
  - delete nginx index.nginx-debian.html
  - restart nginx

+- name: debugnginx
+  debug: var=certificates
+
 - name: copy configs
  copy: 
    src: config/ 
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@ -61,8 +61,8 @@ server {
 	{% endfor %}

 	{% if vhost.letsencrypt|d(False) %}
-		ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
-		ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
+		ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
+		ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
 		ssl_stapling_verify on;
 		ssl_stapling on;
 	{% endif %}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -3,3 +3,6 @@ monitoring:
  checks:
    local:
      nginx_status: {}
+
+certificates:
+  certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"