44 lines
1.3 KiB
Plaintext
44 lines
1.3 KiB
Plaintext
include:
|
|
- nginx.ng.service
|
|
|
|
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
|
|
|
|
{% if salt.pillar.get('nginx:ng:dh_contents') %}
|
|
create_nginx_dhparam_key:
|
|
file.managed:
|
|
- name: {{ certificates_path }}/dhparam.pem
|
|
- contents_pillar: nginx:ng:dh_contents
|
|
- makedirs: True
|
|
{% elif salt.pillar.get('nginx:ng:dh_keygen', False) %}
|
|
generate_nginx_dhparam_key:
|
|
file.directory:
|
|
- name: {{ certificates_path }}
|
|
- makedirs: True
|
|
cmd.run:
|
|
- name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }}
|
|
- cwd: {{ certificates_path }}
|
|
- creates: {{ certificates_path }}/dhparam.pem
|
|
{% endif %}
|
|
|
|
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
|
|
|
|
nginx_{{ domain }}_ssl_certificate:
|
|
file.managed:
|
|
- name: {{ certificates_path }}/{{ domain }}.crt
|
|
- makedirs: True
|
|
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
|
|
- watch_in:
|
|
- service: nginx_service
|
|
|
|
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
|
|
nginx_{{ domain }}_ssl_key:
|
|
file.managed:
|
|
- name: {{ certificates_path }}/{{ domain }}.key
|
|
- mode: 600
|
|
- makedirs: True
|
|
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
|
|
- watch_in:
|
|
- service: nginx_service
|
|
{% endif %}
|
|
{%- endfor %}
|