From 94bd2eabac8373b8389e75c4ecf869c611e46e9b Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Thu, 30 Apr 2020 20:01:35 +0200
Subject: [PATCH] made snake oil certificate option optional

---
 README.md         | 3 +++
 defaults/main.yml | 1 +
 tasks/main.yml    | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index de7aad6..16fbfe8 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,9 @@ maps: {}
 # force all traffic on ssl, except letsencrypt challenges
 force_ssl: True
 
+# generate a self signed certificate as default ssl cert
+snakeoil_default: False
+
 # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
 # either "False", "True" or a dict *phpconfig*, see below for definition
 php: False
diff --git a/defaults/main.yml b/defaults/main.yml
index 6c5edcc..bfff1c4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@ nginx:
   monitoring: true
   php: false
   force_ssl: true
+  snakeoil_default: false
   upstreams: {}
   vhosts: {}
   maps: {}
diff --git a/tasks/main.yml b/tasks/main.yml
index c21ea5c..d9702b6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,7 +8,7 @@
     name: certificates
   vars:
     certificates:
-      certs: "{{ {}|combine(selfsigned_cert|from_yaml,  nginx_certs, inventory_certs, recursive=True) }}"
+      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"
 
 - debug:
     verbosity: 1