implement snakeoil certificates (faster)

ansibleguy · May 15, 2024 · b19aae8 · b19aae8
1 parent b679f56
commit b19aae8
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/tasks/debian/add_certs.yml b/tasks/debian/add_certs.yml
@@ -33,7 +33,7 @@
         locality: "{{ site.ssl.ca.locality | default(NGINX_CONFIG.ssl.ca.locality, true) }}"
         email: "{{ site.ssl.ca.email | default(NGINX_CONFIG.ssl.ca.email, true) }}"
         pwd: "{{ site.ssl.ca.pwd | default(NGINX_CONFIG.ssl.ca.pwd, true) }}"
-  when: "site.ssl.mode in ['ca', 'selfsigned']"
+  when: "site.ssl.mode in ['ca', 'selfsigned', 'snakeoil', 'quick']"
   args:
     apply:
       tags: [certs, sites]

diff --git a/tasks/debian/add_site.yml b/tasks/debian/add_site.yml
@@ -16,7 +16,7 @@
   ansible.builtin.import_tasks: add_certs.yml
   when:
     - not site.plain_only | bool
-    - "site.ssl.mode in ['selfsigned', 'existing', 'ca']"
+    - "site.ssl.mode in ['selfsigned', 'existing', 'ca', 'snakeoil', 'quick']"
   tags: [certs]
 
 # as letsencrypt generator could be skipped on previous run

diff --git a/tasks/debian/rm_site.yml b/tasks/debian/rm_site.yml
@@ -17,7 +17,7 @@
     - "{{ NGINX_CONFIG.ssl.path }}/{{ name }}.crt"
     - "{{ NGINX_CONFIG.ssl.path }}/{{ name }}.key"
     - "{{ NGINX_CONFIG.ssl.path }}/{{ name }}.csr"
-  when: "site.ssl.mode in ['selfsigned', 'existing', 'ca']"
+  when: "site.ssl.mode in ['selfsigned', 'existing', 'ca', 'snakeoil', 'quick']"
 
 - name: "Nginx | Remove Site '{{ name }}' | Removing basic-auth files"
   ansible.builtin.file:

diff --git a/templates/etc/nginx/sites-available/inc/site_https_ssl.j2 b/templates/etc/nginx/sites-available/inc/site_https_ssl.j2
@@ -10,7 +10,7 @@
   ssl_trusted_certificate '{{ NGINX_CONFIG.ssl.path }}/ca.crt';
   ssl_stapling off;
   ssl_stapling_verify off;
-{% elif site.ssl.mode == 'selfsigned' %}
+{% elif site.ssl.mode in ['selfsigned', 'snakeoil', 'quick'] %}
   ssl_stapling off;
   ssl_stapling_verify off;
 {% else %}