added option to disable monitoring and pki

defaults/main.yml

@@ -3,7 +3,9 @@ resolver:
   - 8.8.4.4
 
 nginx:
-  php: False
+  monitoring: true
-  force_ssl: True
+  serverpki: true
+  php: false
+  force_ssl: true
   upstreams: {}
   vhosts: {}

meta/main.yml

@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - { role: monitoring }
+  - { role: monitoring, when: nginx.monitoring }
-  - { role: pki-server }
+  - { role: pki-server, when: nginx.serverpki }

tasks/main.yml

@@ -73,6 +73,7 @@
     owner: root
     group: root
     mode: 0644
+  when: nginx.monitoring
 
 - name: copy nginx status config
   copy:

templates/ssl_files.j2

@@ -1,7 +1,10 @@
+{% if nginx.serverpki %}
 # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
 ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
-## verify chain of trust of OCSP response using Root CA and Intermediate certs
+{% endif %}
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits