copy tls certs before creating vhosts to avoid validation errors

2020-02-23 16:49:35 +01:00 · 2020-02-23 16:49:35 +01:00 · fe75cf9ee4
commit fe75cf9ee4
parent 053b7bfcb6
3 changed files with 31 additions and 28 deletions
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -106,29 +106,3 @@
        mode: 0750
  become: True
  become_user: "{{ nginx_user }}"
-
- block:
-    - name: Add vhost configurations
-      template:
-        src: etc/nginx/sites-available/vhost.j2
-        dest: "/etc/nginx/sites-available/{{ item.file }}"
-        owner: root
-        group: root
-        mode: 0640
-        validate: /bin/bash -c 'nginx -t -c /dev/stdin <<< "events {worker_connections 10;} http { include %s; }"'
-      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
-      loop_control:
-        label: "{{ item.file }}"
-      notify: __nginx_reload
-
-    - name: Enable vhosts
-      file:
-        src: "/etc/nginx/sites-available/{{ item.file }}"
-        dest: "/etc/nginx/sites-enabled/{{ item.file }}"
-        state: "{{ 'link' if item.enabled | default(True) | bool else 'absent' }}"
-      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
-      loop_control:
-        label: "{{ item.file }}"
-      notify: __nginx_reload
-  become: True
-  become_user: root
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,5 +1,6 @@
 ---
- import_tasks: install.yml
+- include_tasks: install.yml
 - import_tasks: tls.yml
  tags: tls_renewal
- import_tasks: post_tasks.yml
+- include_tasks: vhost.yml
+- include_tasks: post_tasks.yml
--- a/tasks/vhost.yml
+++ b/tasks/vhost.yml
@ -0,0 +1,28 @@
+---
+
+
+- block:
+    - name: Add vhost configurations
+      template:
+        src: etc/nginx/sites-available/vhost.j2
+        dest: "/etc/nginx/sites-available/{{ item.file }}"
+        owner: root
+        group: root
+        mode: 0640
+        validate: /bin/bash -c 'nginx -t -c /dev/stdin <<< "events {worker_connections 10;} http { include %s; }"'
+      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
+      loop_control:
+        label: "{{ item.file }}"
+      notify: __nginx_reload
+
+    - name: Enable vhosts
+      file:
+        src: "/etc/nginx/sites-available/{{ item.file }}"
+        dest: "/etc/nginx/sites-enabled/{{ item.file }}"
+        state: "{{ 'link' if item.enabled | default(True) | bool else 'absent' }}"
+      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
+      loop_control:
+        label: "{{ item.file }}"
+      notify: __nginx_reload
+  become: True
+  become_user: root