{% from 'nginx/map.jinja' import nginx with context %}
include:
- nginx.service
# Target directory for every DH parameter, certificate and key file managed
# in this state file; taken from the nginx:certificates_path pillar key and
# falling back to /etc/nginx/ssl.
{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}

# Make sure the directory exists (parents included) before anything is
# written into it.
# NOTE(review): no mode, user or group is declared here, so this state does not
# pin the directory's permissions; the private key files written below carry
# their own mode 600. Confirm the resulting directory permissions are what
# you want for a path that holds key material.
prepare_certificates_path_dir:
  file.directory:
    - name: {{ certificates_path }}
    - makedirs: true
# Diffie-Hellman parameter files: one state per entry of the nginx:dh_param
# pillar mapping, keyed by file name. A string entry is written out from
# pillar as-is; any other entry is read with .get('keysize', 2048) and the
# file is generated locally with openssl.
{%- for dh_file, dh_spec in salt['pillar.get']('nginx:dh_param', {}).items() %}
{%- if dh_spec is not string %}
# Generated variant. The openssl package is installed first, and "creates"
# names the output file so the command is not repeated once it exists.
# NOTE(review): the file name and key size come from pillar and are placed
# on the shell command line unescaped. This relies on pillar data being
# operator-controlled and free of whitespace or shell metacharacters.
generate_nginx_dhparam_{{ dh_file }}_key:
  pkg.installed:
    - name: {{ nginx.lookup.openssl_package }}
  cmd.run:
    - name: openssl dhparam -out {{ dh_file }} {{ dh_spec.get('keysize', 2048) }}
    - cwd: {{ certificates_path }}
    - creates: {{ certificates_path }}/{{ dh_file }}
    - require:
      - file: prepare_certificates_path_dir
    - watch_in:
      - service: nginx_service
{%- else %}
# Pre-computed variant: the file body is read from the pillar entry itself.
create_nginx_dhparam_{{ dh_file }}_key:
  file.managed:
    - name: {{ certificates_path }}/{{ dh_file }}
    - contents_pillar: nginx:dh_param:{{ dh_file }}
    - makedirs: true
    - require:
      - file: prepare_certificates_path_dir
    - watch_in:
      - service: nginx_service
{%- endif %}
{%- endfor %}
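# TLS material: for every domain key under the nginx:certificates pillar,
# write DOMAIN.crt and, when a private key is configured, DOMAIN.key into
# the certificates directory. Each file's body is read through
# contents_pillar, either from the default pillar location or from the
# pillar path named by public_cert_pillar / private_key_pillar.
# nginx_service is watched in, so a changed file triggers the service state.
{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
{%- set cert_pillar_path = salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) %}
{%- set key_pillar_path = salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) %}
nginx_{{ domain }}_ssl_certificate:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.crt
    - makedirs: true
{% if cert_pillar_path %}
    # Certificate body lives at the pillar path given by public_cert_pillar.
    - contents_pillar: {{ cert_pillar_path }}
{% else %}
    - contents_pillar: nginx:certificates:{{ domain }}:public_cert
{% endif %}
    - watch_in:
      - service: nginx_service
{% if key_pillar_path or salt['pillar.get']('nginx:certificates:{}:private_key'.format(domain)) %}
# The key state is only declared when the pillar carries a private key for
# this domain, inline or by reference.
nginx_{{ domain }}_ssl_key:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.key
    # Quoted so the mode is always handled as a string of octal digits.
    - mode: '0600'
    # Keep private key material out of state returns, the job cache and
    # logs: without this, replacing an existing key reports a unified diff
    # of the old and new file. A change is still reported, so the watch on
    # nginx_service keeps firing.
    - show_changes: false
    - makedirs: true
{% if key_pillar_path %}
    # Key body lives at the pillar path given by private_key_pillar.
    - contents_pillar: {{ key_pillar_path }}
{% else %}
    - contents_pillar: nginx:certificates:{{ domain }}:private_key
{% endif %}
    - watch_in:
      - service: nginx_service
{% endif %}
{%- endfor %}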