made snake oil certificate option optional

2020-04-30 20:01:35 +02:00 · 2020-04-30 20:01:35 +02:00 · 94bd2eabac
commit 94bd2eabac
parent 6781423adf
3 changed files with 5 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -29,6 +29,9 @@ maps: {}
 # force all traffic on ssl, except letsencrypt challenges
 force_ssl: True

+# generate a self signed certificate as default ssl cert
+snakeoil_default: False
+
 # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
 # either "False", "True" or a dict *phpconfig*, see below for definition
 php: False
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,6 +6,7 @@ nginx:
  monitoring: true
  php: false
  force_ssl: true
+  snakeoil_default: false
  upstreams: {}
  vhosts: {}
  maps: {}
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -8,7 +8,7 @@
    name: certificates
  vars:
    certificates:
-      certs: "{{ {}|combine(selfsigned_cert|from_yaml,  nginx_certs, inventory_certs, recursive=True) }}"
+      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"

 - debug:
    verbosity: 1