From 9781ad8426b12899b6bb3290979a893e7393de0f Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 5 Feb 2020 23:19:07 -0600
Subject: [PATCH] Fix typo, only generate cert if necessary
---
roles/nextcloud/tasks/main.yml | 64 +++++++++++++++++++---------------
1 file changed, 35 insertions(+), 29 deletions(-)
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 3ed3bf4..d3935f8 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -34,10 +34,6 @@
 - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
 - name: Set up Apache
 block:
- - name: Configure insecure virtual host
- template:
- src: apache2-vhost.conf
- dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
 - name: Disable default configuration
 file:
 # This is a symlink so who cares
@@ -82,13 +78,9 @@
 loop:
 - "a2enmod rewrite"
 - "a2enmod ssl"
- - name: Reload Apache
- service:
- name: apache2
- state: reloaded
 - name: Register certificates
 block:
- - name: Set up our filesystem heirarchy
+ - name: Set up PKI filesystem hierarchy
 file:
 path: "{{ item.dir }}"
 mode: "{{ item.mode }}"
@@ -116,12 +108,6 @@
 common_name: "{{ nextcloud_url }}"
 privatekey_path: /etc/pki/cert/private/{{ nextcloud_url }}.key
 email_address: "rehashedsalt@cock.li"
- - name: Create well-known directory
- file:
- path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
- mode: "0755"
- recurse: yes
- state: directory
 - name: Create challenge for CSR
 acme_certificate:
 acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
@@ -134,23 +120,43 @@
 fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
 register: com_challenge
 - name: Fulfill challenge
- copy:
- dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
- content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
+ block:
+ - name: Configure insecure virtual host configs
+ template:
+ src: apache2-vhost.conf
+ dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
+ - name: Create well-known directory
+ file:
+ path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
+ mode: "0755"
+ recurse: yes
+ state: directory
+ - name: Copy challenge files
+ copy:
+ dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
+ content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
+ - name: Create certificate
+ acme_certificate:
+ acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ acme_version: 2
+ account_key: /etc/pki/cert/private/account.key
+ csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
+ dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
+ fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
+ chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
+ data: "{{ com_challenge }}"
+ - name: Clean up
+ file:
+ path: "{{ nextcloud_webroot }}/.well-known"
+ state: absent
 when: com_challenge is changed
- - name: Create certificate
- acme_certificate:
- acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
- acme_version: 2
- account_key: /etc/pki/cert/private/account.key
- csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
- dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
- fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
- chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
- data: "{{ com_challenge }}"
 - name: Secure Apache
 block:
- - name: Copy over secure configs
+ - name: Copy over virtual host configs
 template:
 src: apache2-vhost-ssl.conf
 dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
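Review bot: The new `Clean up` task at the end of the `Fulfill challenge` block only runs when every earlier task in the block succeeds, so a failed `Create certificate` leaves the HTTP-only vhost written by `Configure insecure virtual host configs` enabled in sites-enabled and the challenge files readable under the webroot. Putting the cleanup in an `always:` section of the block makes it run on failure as well, and the block's `when: com_challenge is changed` still governs it. The cleanup also removes the whole `{{ nextcloud_webroot }}/.well-known` tree although the block only created `.well-known/acme-challenge`; narrowing `path:` to that directory avoids deleting anything else the webroot keeps under `.well-known`. `acme_directory` still points at the Let's Encrypt staging endpoint, whose certificates are not trusted by clients; this is carried over rather than new, so it may be intentional during testing. `recurse: yes` is better written `recurse: true`.
```yaml
      - name: Create certificate
        acme_certificate:
          # … unchanged: acme_certificate arguments …
    always:
      - name: Clean up
        file:
          path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
          state: absent
    when: com_challenge is changed
```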