Fix typo, only generate cert if necessary

This commit is contained in:
Salt 2020-02-05 23:19:07 -06:00
parent 67e428dd41
commit 9781ad8426


@ -34,10 +34,6 @@
- { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" } - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
- name: Set up Apache - name: Set up Apache
block: block:
- name: Configure insecure virtual host
template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
- name: Disable default configuration - name: Disable default configuration
file: file:
# This is a symlink so who cares # This is a symlink so who cares
@ -82,13 +78,9 @@
loop: loop:
- "a2enmod rewrite" - "a2enmod rewrite"
- "a2enmod ssl" - "a2enmod ssl"
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Register certificates - name: Register certificates
block: block:
- name: Set up our filesystem heirarchy - name: Set up PKI filesystem hierarchy
file: file:
path: "{{ item.dir }}" path: "{{ item.dir }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
@ -116,12 +108,6 @@
common_name: "{{ nextcloud_url }}" common_name: "{{ nextcloud_url }}"
privatekey_path: /etc/pki/cert/private/{{ nextcloud_url }}.key privatekey_path: /etc/pki/cert/private/{{ nextcloud_url }}.key
email_address: "rehashedsalt@cock.li" email_address: "rehashedsalt@cock.li"
- name: Create well-known directory
file:
path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
mode: "0755"
recurse: yes
state: directory
- name: Create challenge for CSR - name: Create challenge for CSR
acme_certificate: acme_certificate:
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
@ -134,23 +120,43 @@
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt" fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
register: com_challenge register: com_challenge
- name: Fulfill challenge - name: Fulfill challenge
copy: block:
dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}" - name: Configure insecure virtual host configs
content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}" template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Create well-known directory
file:
path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
mode: "0755"
recurse: yes
state: directory
- name: Copy challenge files
copy:
dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
- name: Create certificate
acme_certificate:
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
acme_version: 2
account_key: /etc/pki/cert/private/account.key
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
data: "{{ com_challenge }}"
- name: Clean up
file:
path: "{{ nextcloud_webroot }}/.well-known"
state: absent
when: com_challenge is changed when: com_challenge is changed
- name: Create certificate
acme_certificate:
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
acme_version: 2
account_key: /etc/pki/cert/private/account.key
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
data: "{{ com_challenge }}"
- name: Secure Apache - name: Secure Apache
block: block:
- name: Copy over secure configs - name: Copy over virtual host configs
template: template:
src: apache2-vhost-ssl.conf src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
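Review bot: The Clean up task at the end of the new Fulfill challenge block removes `{{ nextcloud_webroot }}/.well-known` as a whole, while the block only created `.well-known/acme-challenge`, so anything else placed under `.well-known` would be deleted on every renewal; narrowing it to `path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"` matches what the block created. Because that task is the last item of a plain `block:`, it also does not run when Create certificate fails, leaving the challenge file in the public webroot until the next successful run; moving it into an `always:` section of the same block keeps the webroot clean on either outcome. The new Create certificate task repeats the staging `acme_directory` literal that Create challenge for CSR already carries; a single variable for the directory URL would keep the two calls from drifting apart, since the `data: "{{ com_challenge }}"` handoff presumably only works when both tasks talk to the same ACME endpoint. The `recurse: yes` on the moved Create well-known directory task would read more portably as `recurse: true`.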