From 68ffa6c51d92723b7813be7d4ddbcaeb27e87c9a Mon Sep 17 00:00:00 2001
From: meaz
Date: Wed, 1 Jun 2022 20:11:06 +0000
Subject: [PATCH] add missing deps to create selfsigned certificate (#19)

Co-authored-by: meaz
Co-authored-by: muppeth
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/19
Reviewed-by: antilopa
Reviewed-by: muppeth
---
 defaults/main.yml | 11 +++++++++++
 tasks/ssl.yml     | 48 +++++++++++++++++++++++++++++++++--------------
 2 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 8648724..d03fa9e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -47,6 +47,17 @@ nginx_http_gzip_types: 'text/plain text/css application/json application/x-javas
 nginx_http_gzip_vary: 'on'
 nginx_http_gzip_disable: '"msie6"'
 
+## Self signed certificates
+nginx_selfsigned_deps:
+  - build-essential
+  - libssl-dev
+  - libffi-dev
+  - python-dev
+  - git
+  - dialog
+  - libaugeas0
+  - ca-certificates
+
 nginx_gen_dh: 'false'
 nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
 nginx_dh_length: 4096
diff --git a/tasks/ssl.yml b/tasks/ssl.yml
index 4f9e642..4f17cb0 100644
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
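Review bot: The new `nginx_selfsigned_deps` list in defaults/main.yml includes `python-dev`, the Python 2 header package, which current Debian/Ubuntu releases no longer ship under that name, so the install task will fail on those hosts; `python3-dev`, or dropping the entry, is the safer default. Most of the remaining entries (`build-essential`, `libffi-dev`, `libssl-dev`, `git`, `dialog`, `libaugeas0`) look like a compile-from-source toolchain rather than what the `openssl_*` modules need, which is only the cryptography library that tasks/ssl.yml installs separately; if nothing in the role builds from source, a compiler and git on a production web host are attack surface worth trimming. Either way the list deserves a comment stating why each package is required, e.g. `## Packages installed on hosts that have a vhost with selfsigned == 'true' (consumed by tasks/ssl.yml)`.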
@@ -49,6 +49,27 @@
   when: item.copy_ssl is defined
   notify: reload nginx
 
+- name: "[SELFSIGNED] - Install dependencies"
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nginx_selfsigned_deps }}"
+  when: item.selfsigned is defined and item.selfsigned == 'true'
+
+- name: "[SELFSIGNED] - Add python2 cryptography module"
+  apt:
+    name: python-cryptography
+    state: present
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.selfsigned == 'true' and ansible_python.executable == '/usr/bin/python'
+
+- name: "[SELFSIGNED] - Add python3 cryptography module"
+  apt:
+    name: python3-cryptography
+    state: present
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.selfsigned == 'true' and ansible_python.executable == '/usr/bin/python3'
+
 - name: "[SELFSIGNED] - Create Key folder"
   file:
     path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
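Review bot: The `[SELFSIGNED] - Install dependencies` task never runs: it loops over `nginx_selfsigned_deps`, so `item` is a package-name string, and `item.selfsigned is defined` is false on every iteration, which skips the whole task. The guard should test whether any vhost asks for a self-signed certificate, and the list can go to apt in one call: `name: "{{ nginx_selfsigned_deps }}"` with `when: nginx_vhosts | selectattr('selfsigned', 'defined') | selectattr('selfsigned', 'equalto', 'true') | list | length > 0`, dropping the `with_items` line. The two cryptography tasks use the same guard but loop over `nginx_vhosts`, so they do work, though they re-run apt once per self-signed vhost; the same `when` expression without `with_items` would run each once. The `python-cryptography` package in the `/usr/bin/python` branch is Python 2 only and is absent from recent Debian/Ubuntu releases, so that branch may fail on current hosts.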
@@ -57,31 +78,30 @@
   with_items: "{{ nginx_vhosts }}"
   when: item.selfsigned is defined and item.selfsigned == 'true'
   notify: reload nginx
-
 - name: '[SELFSIGNED] - Create a self-signed key'
   openssl_privatekey:
-    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
-    size: 2048
-    type: RSA
+    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+    size: 2048
+    type: RSA
   with_items: "{{ nginx_vhosts }}"
   when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
   notify: reload nginx
 
-- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
-  openssl_csr:
-    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
-    privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
+  openssl_csr:
+    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+    privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
   with_items: "{{ nginx_vhosts }}"
   when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
   notify: reload nginx
 
-- name: '[SELFSIGNED] - Create a self-signed certificate'
-  openssl_certificate:
-    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
-    privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
-    csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+- name: '[SELFSIGNED] - Create a self-signed certificate'
+  openssl_certificate:
+    path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
+    privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+    csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
   provider: selfsigned
   with_items: "{{ nginx_vhosts }}"
-  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
   notify: reload nginx