refactoring

Robert Kaussow 2017-12-24 14:05:27 +01:00
parent 2958937a7b
commit 058e44e57c
3 changed files with 26 additions and 7 deletions


@ -1,4 +1,6 @@
--- ---
nginx_user: nginx
nginx_group: nginx
nginx_open_ports: nginx_open_ports:
- 80 - 80
- 443 - 443
@ -9,3 +11,6 @@ nginx_tls_intermediate_ca: ""
nginx_pfs_enabled: False nginx_pfs_enabled: False
nginx_dhparam_size: '4069' nginx_dhparam_size: '4069'
nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem' nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem'
nginx_tls_cert_file: "/etc/pki/tls/certs/my-chained.crt"
nginx_tls_intermediate_ca_file: "/etc/pki/tls/certs/my-intermediate.crt"
nginx_tls_private_key_file: "/etc/pki/tls/private/my-private.key"
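Review bot: `nginx_dhparam_size: '4069'`, on the unchanged line just above the new path variables, looks like a transposition of 4096, and the value is also interpolated into the `nginx_dhparam_file` name. If 4096 was intended, change it to `nginx_dhparam_size: '4096'`; hosts that already hold a dhparam-4069.pem would presumably generate a new file on the next run. The three new `*_file` defaults would also benefit from a short comment such as `# destination paths on the managed host; the PEM content comes from nginx_tls_cert, nginx_tls_intermediate_ca and nginx_tls_private_key`, since the names are easy to confuse.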


@ -14,6 +14,20 @@
name: nginx name: nginx
state: installed state: installed
- name: Create group '{{ nginx_group }}'
group:
name: "{{ nginx_group }}"
state: present
when: nginx_group != "nginx"
- name: Create user '{{ nginx_user }}'
user:
name: "{{ nginx_user }}"
group: "{{ nginx_group }}"
createhome: no
shell: /sbin/nologin
when: nginx_user != "nginx"
- name: Prepare vhost directories - name: Prepare vhost directories
file: file:
path: '{{ item }}' path: '{{ item }}'
@ -95,8 +109,8 @@
- block: - block:
- name: Copy tls certificate - name: Copy tls certificate
copy: copy:
content: '{{ nginx_tls_cert }}' content: "{{ nginx_tls_cert }}"
dest: /etc/pki/tls/certs/my-chained.crt dest: "{{ nginx_tls_cert_file }}"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
@ -105,8 +119,8 @@
- name: Copy ssl intermediate cert - name: Copy ssl intermediate cert
copy: copy:
content: '{{ nginx_tls_intermediate_ca }}' content: "{{ nginx_tls_intermediate_ca }}"
dest: /etc/pki/tls/certs/my-intermediate.crt dest: "{{ nginx_tls_intermediate_ca_file }}"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
@ -115,8 +129,8 @@
- name: Copy tls private key - name: Copy tls private key
copy: copy:
content: '{{ nginx_tls_private_key }}' content: "{{ nginx_tls_private_key }}"
dest: /etc/pki/tls/private/my-private.key dest: "{{ nginx_tls_private_key_file }}"
owner: root owner: root
group: root group: root
mode: 0600 mode: 0600
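Review bot: The custom nginx group and user in the two added tasks are created as ordinary accounts rather than system accounts, because neither the `group:` nor the `user:` task sets `system: yes`, so a service identity gets an ID from the regular login range. Add `system: yes` to both tasks; `shell: /sbin/nologin` and `createhome: no` already suit a daemon account. Separately, the private key `dest` in the last hunk is now operator-supplied and nothing visible here ensures the target directory exists with restrictive permissions, so a path outside /etc/pki/tls/private relies on whatever mode that directory already has. A preceding `file` task with `state: directory`, `owner: root` and `mode: '0700'` on the key's parent directory would cover that. The copy tasks may continue past the end of each hunk, so further settings on them could exist out of view.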


@ -1,5 +1,5 @@
# {{ ansible_managed }} # {{ ansible_managed }}
user nginx; user {{ nginx_user }} {{ nginx_group }};
worker_processes 1; worker_processes 1;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;