Made refactoring for notes app (and other)

2017-11-26 10:46:04 +03:00
parent 8ec89712f2
commit a59737b826
25 changed files with 205 additions and 221 deletions
--- a/ansible/roles/ssl-certificate/defaults/main.yml
+++ b/ansible/roles/ssl-certificate/defaults/main.yml
@ -1,23 +0,0 @@
---
-# Required, allowed: self-signed, letsencrypt
-cert_type: 'self-signed'
-
-# Required, name for ssl-certificate configuration
-cert_name: ''
-
-# Required: domain owner email
-cert_email: ''
-
-# Required: domains for lets encrypt certificate creation
-cert_domains: []
-
-# Paths to store generated keys
-cert_directory: '/opt/ssl-certificates/{{ cert_name }}'
-cert_key: '{{ cert_directory }}/ssl.key'
-cert_request: '{{ cert_directory }}/ssl.csr'
-cert_certificate: '{{ cert_directory }}/ssl.crt'
-cert_dhparam: '{{ cert_directory }}/dhparam.pem'
-cert_dhparam_n: 2048
-
-# lets encrypt well-known challenge folder
-cert_le_webroot_path: /var/www/letsencrypt
--- a/ansible/roles/ssl-certificate/tasks/letsencrypt.yml
+++ b/ansible/roles/ssl-certificate/tasks/letsencrypt.yml
@ -1,32 +0,0 @@
---
- name: Check required parameters.
-  fail:
-    msg: You must set up domain and email.
-  when: not cert_domains or not cert_email
-
- name: Create letsencrypt web root directory.
-  file:
-    name: '{{ cert_le_webroot_path }}'
-    state: directory
-
- name: Copy notes acme server config.
-  template:
-    src: vhost.conf.j2
-    dest: "/etc/nginx/sites-enabled/{{ cert_name }}_letsencrypt.conf"
-
- name: Restart nginx.
-  service:
-    name: nginx
-    state: restarted
-
- name: Configure Lest Encrypt certificate.
-  include_role:
-    name: thefinn93.ansible-letsencrypt
-    private: yes
-  vars:
-    letsencrypt_webroot_path: '{{ cert_le_webroot_path }}'
-    letsencrypt_email: '{{ cert_email }}'
-    letsencrypt_cert_domains: '{{ cert_domains }}'
-    letsencrypt_renewal_command_args: '--renew-hook "systemctl restart nginx"'
-    ssl_certificate: '{{ cert_certificate }}'
-    ssl_certificate_key: '{{ cert_key }}'
--- a/ansible/roles/ssl-certificate/tasks/main.yml
+++ b/ansible/roles/ssl-certificate/tasks/main.yml
@ -1,22 +0,0 @@
---
- name: Ensure certificate storage exists.
-  file:
-    path: '{{ cert_directory }}'
-    state: directory
-
- include: self-signed.yml
-  when: cert_type == 'self-signed'
-
- include: letsencrypt.yml
-  when: cert_type == 'letsencrypt'
-
- name: Generate dhparams.
-  shell: 'openssl dhparam -out {{ cert_dhparam }} {{ cert_dhparam_n }}'
-  args:
-    creates: '{{ cert_dhparam }}'
-
- name: Set facts about generated files.
-  set_fact:
-    '{{ cert_name }}_ssl_key': '{{ cert_key }}'
-    '{{ cert_name }}_ssl_certificate': '{{ cert_certificate }}'
-    '{{ cert_name }}_ssl_dhparam': '{{ cert_dhparam }}'
--- a/ansible/roles/ssl-certificate/tasks/self-signed.yml
+++ b/ansible/roles/ssl-certificate/tasks/self-signed.yml
@ -1,33 +0,0 @@
---
- name: Check certificate params.
-  fail:
-    msg: You must setup certificate file params.
-  when: not cert_certificate or not cert_key
-
- name: Generate self signed ssl key.
-  shell: |
-    openssl genrsa \
-      -aes256 \
-      -passout pass:client11 \
-      -out {{ cert_directory }}/ssl.pass.key \
-      1024
-
-    openssl rsa \
-      -passin pass:client11 \
-      -in {{ cert_directory }}/ssl.pass.key \
-      -out {{ cert_key }}
-
-    openssl req \
-      -new \
-      -key {{ cert_key }} \
-      -out {{ cert_request }} \
-      -subj "/CN=localhost"
-
-    openssl x509 \
-      -req \
-      -days 365 \
-      -in {{ cert_request }} \
-      -signkey {{ cert_key }} \
-      -out {{ cert_certificate }}
-  args:
-    creates: '{{ cert_certificate }}'
--- a/ansible/roles/ssl-certificate/templates/vhost.conf.j2
+++ b/ansible/roles/ssl-certificate/templates/vhost.conf.j2
@ -1,13 +0,0 @@
-server {
-    listen 80;
-    server_name {{ cert_domains|join(' ') }};
-
-    location /.well-known {
-        root {{ cert_le_webroot_path }};
-        try_files $uri $uri/ =404;
-    }
-
-    location / {
-        rewrite ^ https://$host$request_uri? permanent;
-    }
-}