cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-12-02 16:33:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:19a08cffa55bba01f0b1ccd2d8467b6c4fcb739b
Branches Tags
cwchristerw:master
...
compare: cwchristerw:7a09d1e227ba3353de978dda1b322f79e8c91253
Branches Tags
cwchristerw:master

2 Commits
19a08cffa5 ... 7a09d1e227

Author SHA1 Message Date
Christer Warén
7a09d1e227 Fix typo in Nginx configuration 2025-09-10 13:25:45 +03:00
Christer Warén
4ff7822c11 Fix typos in Deployer tasks 2025-09-10 13:25:03 +03:00
2 changed files with 6 additions and 11 deletions
Expand all files Collapse all files

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
http2 on;
ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
ssl_trusted_certificate /etc/nginx/certs/chain.pem;
expires off;
etag off;

11
tasks/deployer.yml
View File

@@ -546,9 +546,6 @@
path: "/root/data/openssl/{{ cert }}/cert.pem"
privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
provider: "ownca"
ownca_path: /etc/ssl/crt/ansible_CA.crt
ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem
provider: selfsigned
selfsigned_not_after: "+7300d"
loop: "{{ config.openssl.certificates.keys() | list }}"
@@ -569,7 +566,6 @@
provider: "ownca"
ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
provider: ownca
ownca_not_after: "+365d"
loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control:
@@ -590,7 +586,6 @@
provider: "ownca"
ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
provider: ownca
ownca_not_after: "+30d"
loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control:
@@ -606,7 +601,7 @@
- name: "Deployer - OpenSSL - Configure - Generate Fullchain"
ansible.builtin.copy:
dest: "/root/data/openssl/{{ cert }}/fullchain.pem"
content: "{{ lookup('ansible.builtin.file', '/root/data/openssl/{{ cert }}/cert.pem') }}{{ lookup('ansible.builtin.file', '/root/data/openssl/' + config.openssl.certificates[cert].issuer + '/cert.pem') }}{{ lookup('ansible.builtin.file', '/root/data/openssl/root/cert.pem') }}"
content: "{{ lookup('ansible.builtin.file', '/root/data/openssl/' + cert + '/cert.pem') }}\n{{ lookup('ansible.builtin.file', '/root/data/openssl/' + config.openssl.certificates[cert].issuer + '/cert.pem') }}\n{{ lookup('ansible.builtin.file', '/root/data/openssl/root/cert.pem') }}"
loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control:
label: "{{ cert }}"
@@ -621,7 +616,7 @@
- name: "Deployer - OpenSSL - Configure - Generate Chain"
ansible.builtin.copy:
dest: "/root/data/openssl/{{ cert }}/chain.pem"
content: "{{ lookup('ansible.builtin.file', '/root/data/openssl/{{ cert }}/cert.pem') }}{{ lookup('ansible.builtin.file', '/root/data/openssl/' + config.openssl.certificates[cert].issuer + '/cert.pem') }}{{ lookup('ansible.builtin.file', '/root/data/openssl/root/cert.pem') }}"
content: "{{ lookup('ansible.builtin.file', '/root/data/openssl/' + config.openssl.certificates[cert].issuer + '/cert.pem') }}\n{{ lookup('ansible.builtin.file', '/root/data/openssl/root/cert.pem') }}"
loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control:
label: "{{ cert }}"
@@ -685,7 +680,7 @@
- "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
- "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
- "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
- "{{ ansible_facts.user_dir }}/data/openssl/:/etc/nginx/certs/:ro"
- "{{ ansible_facts.user_dir }}/data/openssl/{{ hostname }}/:/etc/nginx/certs/:ro"
restart_policy: always
when:
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined