| 123456789101112131415161718192021222324252627 |
- ---
- - include: nginx.yml
- - include: acmetool.yml
- - name: Ensure nginx default secure config is up to date
- template:
- src: nginx_secure_default.conf.j2
- dest: /etc/nginx/sites-available/secure_default.conf
- - stat:
- path: "/var/lib/acme/live/{{ ansible_fqdn }}/privkey"
- become: yes
- register: default_key_file_stat
- - name: Let acmetool generate a key and a certificate
- become: yes
- when: not default_key_file_stat.stat.exists
- shell: /usr/bin/acmetool want --batch {{ ansible_fqdn }}
- notify: Restart nginx
- - name: Ensure secure default configuration for nginx is enabled
- become: yes
- file:
- state: link
- dest: /etc/nginx/sites-enabled/secure_default.conf
- src: /etc/nginx/sites-available/secure_default.conf
- notify: Reload nginx
|
