From 947dc4460df78e82d9f0ac93f7179d12b0fc9d47 Mon Sep 17 00:00:00 2001 From: Patrick Neff Date: Fri, 8 Jul 2022 21:52:50 +0200 Subject: [PATCH] Add snakeoil certs --- meta/main.yml | 3 ++- tasks/main.yml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 0a3875f..4ec6b26 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,4 +1,5 @@ galaxy_info: role_name: nginx -dependencies: [] +dependencies: + - ssl-snakeoil diff --git a/tasks/main.yml b/tasks/main.yml index d609aff..f7c630d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,5 @@ - name: Install packages. + become: true tags: nginx ansible.builtin.package: state: present @@ -7,11 +8,19 @@ register: nginx_installed - name: Backup default nginx config + become: true command: mv /etc/nginx /etc/nginx.orig when: nginx_installed.changed == true register: nginx_original_config_backup + +- name: Add ssl-cert group to www-data + become: true + command: usermod -a -G ssl-cert www-data + when: nginx_installed.changed == true + register: nginx_group_added - name: Clone h5bp nginx config. + become: true tags: nginx ansible.builtin.git: repo: https://github.com/h5bp/server-configs-nginx @@ -21,10 +30,17 @@ when: nginx_original_config_backup.changed == true - name: Copy default fastcgi_params back to h5bp nginx config. + become: true command: cp /etc/nginx.orig/fastcgi_params /etc/nginx when: nginx_original_config_backup.changed == true +- name: Copy default snakeoil.conf back to h5bp nginx config. + become: true + command: cp /etc/nginx.orig/snippets/snakeoil.conf /etc/nginx + when: nginx_original_config_backup.changed == true + - name: Remove default nginx directory. + become: true tags: nginx ansible.builtin.file: path: /etc/nginx.orig