Fix typo, only generate cert if necessary
parent
67e428dd41
commit
9781ad8426
@ -34,10 +34,6 @@
|
||||
- { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
|
||||
- name: Set up Apache
|
||||
block:
|
||||
- name: Configure insecure virtual host
|
||||
template:
|
||||
src: apache2-vhost.conf
|
||||
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
|
||||
- name: Disable default configuration
|
||||
file:
|
||||
# This is a symlink so who cares
|
||||
@ -82,13 +78,9 @@
|
||||
loop:
|
||||
- "a2enmod rewrite"
|
||||
- "a2enmod ssl"
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
- name: Register certificates
|
||||
block:
|
||||
- name: Set up our filesystem heirarchy
|
||||
- name: Set up PKI filesystem hierarchy
|
||||
file:
|
||||
path: "{{ item.dir }}"
|
||||
mode: "{{ item.mode }}"
|
||||
@ -116,12 +108,6 @@
|
||||
common_name: "{{ nextcloud_url }}"
|
||||
privatekey_path: /etc/pki/cert/private/{{ nextcloud_url }}.key
|
||||
email_address: "rehashedsalt@cock.li"
|
||||
- name: Create well-known directory
|
||||
file:
|
||||
path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: Create challenge for CSR
|
||||
acme_certificate:
|
||||
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
@ -134,23 +120,43 @@
|
||||
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
|
||||
register: com_challenge
|
||||
- name: Fulfill challenge
|
||||
copy:
|
||||
dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
|
||||
content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
|
||||
block:
|
||||
- name: Configure insecure virtual host configs
|
||||
template:
|
||||
src: apache2-vhost.conf
|
||||
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
- name: Create well-known directory
|
||||
file:
|
||||
path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: Copy challenge files
|
||||
copy:
|
||||
dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
|
||||
content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
|
||||
- name: Create certificate
|
||||
acme_certificate:
|
||||
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
acme_version: 2
|
||||
account_key: /etc/pki/cert/private/account.key
|
||||
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
|
||||
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
|
||||
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
|
||||
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
|
||||
data: "{{ com_challenge }}"
|
||||
- name: Clean up
|
||||
file:
|
||||
path: "{{ nextcloud_webroot }}/.well-known"
|
||||
state: absent
|
||||
when: com_challenge is changed
|
||||
- name: Create certificate
|
||||
acme_certificate:
|
||||
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
acme_version: 2
|
||||
account_key: /etc/pki/cert/private/account.key
|
||||
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
|
||||
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
|
||||
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
|
||||
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
|
||||
data: "{{ com_challenge }}"
|
||||
- name: Secure Apache
|
||||
block:
|
||||
- name: Copy over secure configs
|
||||
- name: Copy over virtual host configs
|
||||
template:
|
||||
src: apache2-vhost-ssl.conf
|
||||
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
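Review bot: The new block guarded by `when: com_challenge is changed` in the last hunk has no failure path. If `Create certificate` or an earlier task in it fails, `Clean up` never runs, so `.well-known` stays in the webroot. The host also keeps the plain-HTTP vhost from `Configure insecure virtual host configs`, because that template and the SSL one in `Secure Apache` write to the same `dest`. Moving the `Clean up` task under an `always:` section of the block would remove the challenge directory on both outcomes; a `rescue:` that re-templates `apache2-vhost-ssl.conf` is worth considering when a certificate already exists. Separately, both `acme_certificate` tasks hard-code the staging `acme_directory`, whose certificates browsers do not trust, so if that is not deliberate a variable such as `acme_directory: "{{ nextcloud_acme_directory }}"` (name constructed for this note) would make the switch to production explicit. Indentation and the +/- markers are lost on this page, so the block boundaries are inferred from task order.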
|
||||
|