Merge from staging (#65)
Main changes:
- Rewrote the way HTTPS vhosts are created, so that an HTTPS vhost is not created without an existing certificate.
- Broke out the conditions into lists.

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #65
Reviewed-by: meaz <meaz@no-reply@disroot.org>
parent
8643f53288
commit
57cfc4d442
1 changed files with 76 additions and 9 deletions
|
@ -3,19 +3,44 @@
|
||||||
slurp:
|
slurp:
|
||||||
src: "/var/lib/tor/{{ item.name }}/hostname"
|
src: "/var/lib/tor/{{ item.name }}/hostname"
|
||||||
register: "onion_address"
|
register: "onion_address"
|
||||||
when: item.onion is defined and item.onion == 'true'
|
when:
|
||||||
|
- item.onion is defined
|
||||||
|
- item.onion == 'true'
|
||||||
|
|
||||||
- name: "[NGINX] - Set fact"
|
- name: "[NGINX] - Set fact"
|
||||||
set_fact:
|
set_fact:
|
||||||
enable_tor: 'false'
|
enable_tor: 'false'
|
||||||
|
|
||||||
|
- name: "[NGINX] - Check if the certificate for the vhost exists"
|
||||||
|
stat:
|
||||||
|
path: '{{ nginx_ssl_dir }}/{{ item.name }}/privkey.pem'
|
||||||
|
register: cert_exists
|
||||||
|
when:
|
||||||
|
- item.ssl_name is defined
|
||||||
|
|
||||||
- name: "[NGINX] - Create vhosts"
|
- name: "[NGINX] - Create HTTPS vhosts"
|
||||||
template:
|
template:
|
||||||
src: etc/nginx/sites-available/{{ item.template }}.j2
|
src: etc/nginx/sites-available/{{ item.template }}.j2
|
||||||
dest: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
dest: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||||
notify:
|
notify:
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: item.state is defined and item.state != 'delete'
|
when:
|
||||||
|
- item.ssl_name is defined
|
||||||
|
- cert_exists is defined
|
||||||
|
- cert_exists.stat.exists
|
||||||
|
- item.state is defined
|
||||||
|
- item.state != 'delete'
|
||||||
|
|
||||||
|
- name: "[NGINX] - Create HTTP vhosts"
|
||||||
|
template:
|
||||||
|
src: etc/nginx/sites-available/{{ item.template }}.j2
|
||||||
|
dest: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||||
|
notify:
|
||||||
|
- reload nginx
|
||||||
|
when:
|
||||||
|
- item.ssl_name is not defined
|
||||||
|
- item.state is defined
|
||||||
|
- item.state != 'delete'
|
||||||
|
|
||||||
- name: "[NGINX] - Delete vhosts"
|
- name: "[NGINX] - Delete vhosts"
|
||||||
file:
|
file:
|
||||||
|
@ -23,16 +48,35 @@
|
||||||
state: absent
|
state: absent
|
||||||
notify:
|
notify:
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: item.state is defined and item.state == 'delete'
|
when:
|
||||||
|
- item.state is defined
|
||||||
|
- item.state == 'delete'
|
||||||
|
|
||||||
- name: "[NGINX] - Enable vhosts"
|
- name: "[NGINX] - Enable HTTPS vhosts"
|
||||||
file:
|
file:
|
||||||
src: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
src: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||||
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.name }}"
|
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.name }}"
|
||||||
state: link
|
state: link
|
||||||
notify:
|
notify:
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: item.state is defined and item.state == 'enable'
|
when:
|
||||||
|
- item.ssl_name is defined
|
||||||
|
- cert_exists is defined
|
||||||
|
- cert_exists.stat.exists
|
||||||
|
- item.state is defined
|
||||||
|
- item.state == 'enable'
|
||||||
|
|
||||||
|
- name: "[NGINX] - Enable HTTP vhosts"
|
||||||
|
file:
|
||||||
|
src: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||||
|
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.name }}"
|
||||||
|
state: link
|
||||||
|
notify:
|
||||||
|
- reload nginx
|
||||||
|
when:
|
||||||
|
- item.ssl_name is not defined
|
||||||
|
- item.state is defined
|
||||||
|
- item.state == 'enable'
|
||||||
|
|
||||||
- name: "[NGINX] - Disable vhosts"
|
- name: "[NGINX] - Disable vhosts"
|
||||||
file:
|
file:
|
||||||
|
@ -40,7 +84,10 @@
|
||||||
state: absent
|
state: absent
|
||||||
notify:
|
notify:
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: item.state is defined and (item.state == 'disable' or item.state == 'delete')
|
when:
|
||||||
|
- item.state is defined
|
||||||
|
- item.state == 'disable'
|
||||||
|
- item.state == 'delete'
|
||||||
|
|
||||||
- name: "[NGINX] - Delete default vhost when explicitely defined"
|
- name: "[NGINX] - Delete default vhost when explicitely defined"
|
||||||
file:
|
file:
|
||||||
|
@ -50,10 +97,30 @@
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: nginx_default_vhost is not none
|
when: nginx_default_vhost is not none
|
||||||
|
|
||||||
- name: "[NGINX] - Create maintenance vhosts"
|
- name: "[NGINX] - Create HTTPS maintenance vhosts"
|
||||||
template:
|
template:
|
||||||
src: etc/nginx/sites-available/maintenance.j2
|
src: etc/nginx/sites-available/maintenance.j2
|
||||||
dest: "{{ nginx_etc_dir }}/sites-available/maintenance-{{ item.name }}"
|
dest: "{{ nginx_etc_dir }}/sites-available/maintenance-{{ item.name }}"
|
||||||
notify:
|
notify:
|
||||||
- reload nginx
|
- reload nginx
|
||||||
when: (item.state is defined) and (item.state != 'delete') and (item.maintenance is defined) and (item.maintenance == 'true')
|
when:
|
||||||
|
- item.ssl_name is defined
|
||||||
|
- cert_exists is defined
|
||||||
|
- cert_exists.stat.exists
|
||||||
|
- item.state is defined
|
||||||
|
- item.state != 'delete'
|
||||||
|
- item.maintenance is defined
|
||||||
|
- item.maintenance == 'true'
|
||||||
|
|
||||||
|
- name: "[NGINX] - Create HTTP maintenance vhosts"
|
||||||
|
template:
|
||||||
|
src: etc/nginx/sites-available/maintenance.j2
|
||||||
|
dest: "{{ nginx_etc_dir }}/sites-available/maintenance-{{ item.name }}"
|
||||||
|
notify:
|
||||||
|
- reload nginx
|
||||||
|
when:
|
||||||
|
- item.ssl_name is not defined
|
||||||
|
- item.state is defined
|
||||||
|
- item.state != 'delete'
|
||||||
|
- item.maintenance is defined
|
||||||
|
- item.maintenance == 'true'
|
||||||
|
|
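Review bot: In the "[NGINX] - Disable vhosts" task (hunk `-40,7 +84,10`), the new `when:` list can never be true, because Ansible ANDs the entries of a `when` list and `item.state` cannot equal both 'disable' and 'delete'. The old expression grouped those two comparisons with `or`, so after this change the task is always skipped. Judging by its name and `state: absent` (its path lines are outside the hunk), that means a vhost set to 'disable' stays enabled and served, and a deleted one probably leaves a dangling link behind. Keep the alternative in a single entry after `- item.state is defined`, for example `- item.state in ['disable', 'delete']`. Separately, the certificate check stats `{{ nginx_ssl_dir }}/{{ item.name }}/privkey.pem` while being gated on `item.ssl_name`; it is worth confirming that the certificate directory is really keyed by `item.name`, since a mismatch would silently skip every HTTPS vhost.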