1 more command instead of shell + more jitsimeet_ prefix
This commit is contained in:
parent
0dbd76f077
commit
c34fe9a477
|
@ -115,7 +115,7 @@
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: jitsimeet_ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
block:
|
block:
|
||||||
|
@ -140,12 +140,12 @@
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||||
when: ssl.stat.exists != true
|
when: jitsimeet_ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: jitsimeet_ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for nginx vhost with SSL
|
- name: (Re)template conf file for nginx vhost with SSL
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -175,11 +175,12 @@
|
||||||
- name: Check if SSL certificate for coturn is present and register result
|
- name: Check if SSL certificate for coturn is present and register result
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
|
path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
|
||||||
register: ssl_coturn
|
register: jitsimeet_ssl_coturn
|
||||||
|
|
||||||
- name: Generate certificate for coturn with certbot
|
- name: Generate certificate for coturn with certbot
|
||||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
|
ansible.builtin.command:
|
||||||
when: ssl_coturn.stat.exists != true
|
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
|
||||||
|
when: jitsimeet_ssl_coturn.stat.exists != true
|
||||||
|
|
||||||
- name: Setup other domains if any
|
- name: Setup other domains if any
|
||||||
include_tasks: other_domains.yml
|
include_tasks: other_domains.yml
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||||
register: ssl
|
register: jitsimeet_ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
block:
|
block:
|
||||||
|
@ -40,12 +40,12 @@
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
||||||
when: ssl.stat.exists != true
|
when: jitsimeet_ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||||
register: ssl
|
register: jitsimeet_ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for nginx vhost with SSL
|
- name: (Re)template conf file for nginx vhost with SSL
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
map $arg_vnode $prosody_node {
|
map $arg_vnode $prosody_node {
|
||||||
default prosody;
|
default prosody;
|
||||||
v1 v1;
|
v1 v1;
|
||||||
|
@ -24,12 +24,12 @@ server {
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
allow all;
|
allow all;
|
||||||
}
|
}
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
location / { return 301 https://$host$request_uri; }
|
location / { return 301 https://$host$request_uri; }
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
server {
|
server {
|
||||||
listen 8088 ssl http2;
|
listen 8088 ssl http2;
|
||||||
listen [::]:8088 ssl http2;
|
listen [::]:8088 ssl http2;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
|
|
||||||
types {
|
types {
|
||||||
|
@ -41,12 +41,12 @@ server {
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
allow all;
|
allow all;
|
||||||
}
|
}
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
location / { return 301 https://$host$request_uri; }
|
location / { return 301 https://$host$request_uri; }
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if ssl.stat.exists %}
|
{% if jitsimeet_ssl.stat.exists %}
|
||||||
server {
|
server {
|
||||||
listen 8088 ssl http2;
|
listen 8088 ssl http2;
|
||||||
listen [::]:8088 ssl http2;
|
listen [::]:8088 ssl http2;
|
||||||
|
|
Loading…
Reference in a new issue