---
# tasks file for mapserver-certificates

# The openssl binary is required by the DH parameter generation task in
# this file.
- name: Install openssl to generate DH params
  apt:
    name: openssl
    state: present

# Directory that the key and certificate tasks in this file write into.
# No owner or mode is set here, so a newly created directory gets whatever
# the remote user's umask yields - TODO confirm that is what is wanted for
# a directory holding the TLS private key.
- name: Ensure nginx ssl directory exists
  file:
    path: /etc/nginx/ssl/
    state: directory

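# Writes the TLS private key from the secret variable to the nginx ssl
# directory.
# - owner/group/mode are pinned so the key is readable by root only; without
#   them the file mode falls back to the remote umask, which commonly leaves
#   the key world-readable.
# - no_log keeps the key material out of task output, --diff output and
#   callback/log plugins. It also hides error details for this task, so
#   drop it temporarily when debugging a failure.
# NOTE(review): assumes nginx reads the key as root before dropping
# privileges - confirm if a different service user must read this file.
- name: Create private ssl key from secret var
  copy:
    content: "{{ mapserver_ssl_private_key }}"
    dest: /etc/nginx/ssl/wiki.ffdo.de.key
    owner: root
    group: root
    mode: "0600"
  no_log: true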

# Writes the server certificate from its variable next to the private key.
# Owner and mode are not set, so they follow the remote defaults.
- name: Create nginx server certificate from secret var
  copy:
    content: "{{ mapserver_ssl_server_cert }}"
    dest: /etc/nginx/ssl/wiki.ffdo.de.crt

# Installs the DH parameters supplied in mapserver_dh_params. Runs only when
# mapserver_use_pregenerated_dh_params is truthy; the generation task in
# this file covers the other case.
- name: Deploy pregenerated DH params
  when: mapserver_use_pregenerated_dh_params
  copy:
    content: "{{ mapserver_dh_params }}"
    dest: /etc/nginx/dhparams.pem

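# Generates 4096-bit DH parameters on the host when no pregenerated set is
# deployed.
# - command is used instead of shell: the invocation needs no shell
#   features, so nothing is passed through a shell interpreter.
# - creates makes the task idempotent: it is skipped once the file exists.
#   The check is existence only, so an empty or truncated file left by an
#   interrupted run is not regenerated - remove it by hand in that case.
# Generating 4096-bit parameters can take several minutes on slow hardware.
- name: Generate strong dhparams
  when: not mapserver_use_pregenerated_dh_params
  command: openssl dhparam -out /etc/nginx/dhparams.pem 4096
  args:
    creates: /etc/nginx/dhparams.pem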