From 530c1b2ebbb1d11882febe03891c42837428f9d3 Mon Sep 17 00:00:00 2001
From: Lorenzo
Date: Wed, 16 Nov 2016 22:39:38 +0100
Subject: [PATCH] various bug and typos fixes
---
 roles/nginx/defaults/main.yml | 5 +++++
 roles/nginx/tasks/letsencrypt.yaml | 20 +++++++++++---------
 roles/nginx/tasks/main.yaml | 7 ++++---
 roles/nginx/tasks/store_challenge.yaml | 6 +++---
 4 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index f221132..714dd4d 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -19,6 +19,11 @@ nginx_separate_logs_per_site: False
 letsencrypt_account_key: "/etc/ssl/private/letsencrypt.key.pem"
 letsencrypt_challenge_webroot: "/var/www/html"
+letsencrypt_ssl_country: "IT"
+letsencrypt_ssl_state: "Italy"
+letsencrypt_ssl_loc: "Florence"
+letsencrypt_ssl_org: "LILiK"
+letsencrypt_ssl_email: "letsencrypt@example.com"
 nginx_sites:
diff --git a/roles/nginx/tasks/letsencrypt.yaml b/roles/nginx/tasks/letsencrypt.yaml
index 6f463e8..6fcb758 100644
--- a/roles/nginx/tasks/letsencrypt.yaml
+++ b/roles/nginx/tasks/letsencrypt.yaml
@@ -3,23 +3,24 @@
 path: "{{ item.server.ssl_certificate_key }}"
 - name: generate certificate signing request
- command: >
+ command: >
 openssl req -new -sha256 -nodes -key {{ item.server.ssl_certificate_key }}
- -out {{ item.letsencrypt.ssl_csr }}
- -subj "/C={{ item.letsencrypt.ssl_country }}
- /ST={{ item.letsencrypt.ssl_state }}
- /L{{ item.letsencrypt.ssl_loc }}
- /O={{ item.letsencrypt.ssl_org }}
- /emailAddress={{ item.letsencrypt.ssl_email }}"
+ -out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }}
+ -subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
+ }}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
+ }}/L{{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
+ }}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
+ }}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
+ }}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"
 - name: get challenge(s) from letsencrypt server
 letsencrypt:
 account_key: "{{ letsencrypt_account_key }}"
- csr: "{{ item.letsencrypt.ssl_csr }}"
+ csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
 dest: "{{ item.server.ssl_certificate }}"
 register: letsencrypt_challenge
@@ -30,6 +31,7 @@
 - name: get signed certificate(s) from letsencrypt server
 letsencrypt:
 account_key: "{{ letsencrypt_account_key }}"
- csr: "{{ item.letsencrypt.ssl_csr }}"
+ csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
 dest: "{{ item.server.ssl_certificate }}"
 data: "{{ letsencrypt_challenge }}"
+ notify: restart nginx
diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml
index 820a99e..0a39a0e 100644
--- a/roles/nginx/tasks/main.yaml
+++ b/roles/nginx/tasks/main.yaml
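Review bot: The `/L` component of the new `-subj` string still has no `=`, so after YAML folding the subject contains `/LFlorence` (with the default) and openssl will reject or skip the locality attribute; the line should read `}}/L={{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)`. The new `/CN` falls back to `item.server.server_name`, which presumably mirrors the nginx directive; if that value ever holds several names the CN becomes invalid, and since no SAN extension is added only that single name is covered by the CSR — worth a short comment on the task, e.g. `# CN defaults to server_name; only a single host name is requested`. The `path:` key at the top of the hunk belongs to a task whose start is outside the hunk.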
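Review bot: The CSR path default `item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr')` is now spelled out three times in this file (here and twice in the previous hunk, once with `".csr"` and twice with `'.csr'`), so a later change to the fallback has three places to miss. Computing it once at the top of the include, `- set_fact:` / `letsencrypt_csr_path: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"`, and using `{{ letsencrypt_csr_path }}` in the `command` and both `csr:` lines keeps them in step. The added `notify: restart nginx` also drops in-flight connections on every renewal; a reload handler, if the role has one, is sufficient to pick up a new certificate file.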
@@ -28,7 +28,7 @@
 - name: provision letsencrypt challenge folder
 file:
- path: "{{ letsencrypt.challenge_webroot }}/.well-known/acme-challenge"
+ path: "{{ letsencrypt_challenge_webroot }}/.well-known/acme-challenge"
 state: directory
 owner: root
 group: root
@@ -82,12 +82,13 @@
 dest: "/etc/nginx/sites-available/{{ item.server.file_name }}"
 with_items: "{{ nginx_sites }}"
 when: nginx_sites is defined and nginx_sites
+ notify: restart nginx
 - name: enable nginx configurations used for letsencrypt challenge
 file:
 path: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
 state: link
- src: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
+ src: "/etc/nginx/sites-available/{{ item.server.file_name }}"
 with_items: "{{ nginx_sites }}"
 when: letsencrypt|bool and item.use_for_challenge is defined and item.use_for_challenge|bool and nginx_sites is defined and nginx_sites
@@ -103,7 +104,7 @@
 when: letsencrypt|bool
 - name: provision ssl cert/key(s) with letsencrypt
- include: letsencrypt.yml
+ include: letsencrypt.yaml
 with_items: "{{ nginx_sites }}"
 when: letsencrypt|bool and item.letsencrypt is defined and nginx_sites is defined and nginx_sites
diff --git a/roles/nginx/tasks/store_challenge.yaml b/roles/nginx/tasks/store_challenge.yaml
index 7763237..8719ec5 100644
--- a/roles/nginx/tasks/store_challenge.yaml
+++ b/roles/nginx/tasks/store_challenge.yaml
@@ -1,9 +1,9 @@
 - name: copy challenge file inside webroot
 copy:
- dest: "{{ letsencrypt_challenge_webroot }}/{{ chall.value.http-01.resource }}"
- content: "{{ chall.value.http-01.resource_value }}"
+ dest: "{{ letsencrypt_challenge_webroot }}/{{ chall.value['http-01']['resource'] }}"
+ content: "{{ chall.value['http-01']['resource_value'] }}"
 with_dict: "{{ letsencrypt_challenge.challenge_data }}"
- loop_contro:
+ loop_control:
 loop_var: chall
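Review bot: The new `notify: restart nginx` on the site-template task only takes effect when handlers run, normally at the end of the play, while the `enable nginx configurations used for letsencrypt challenge` symlink task directly below it gets no notification at all; unless an explicit restart or reload (possibly the task guarded by `when: letsencrypt|bool` in the next hunk) runs before the challenge is requested, nginx may not yet serve the challenge vhost when the CA validates it. Giving the symlink task the same `notify: restart nginx` and adding `- meta: flush_handlers` before the letsencrypt include makes the ordering explicit rather than relying on task order. The corrected `src:` now points at `sites-available`, which matches the `dest:` of the template task above it.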
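Review bot: The `copy` task writes the challenge file without an explicit `mode`, so its permissions depend on the remote user's umask even though the nginx worker must be able to read it; adding `mode: "0644"` under `copy:` makes that requirement explicit and stable across hosts. The `chall.value['http-01']` lookups also assume every entry of `letsencrypt_challenge.challenge_data` carries an `http-01` challenge; if the module can return entries without one, guard the task with `when: "'http-01' in chall.value"` so a missing key fails clearly per domain instead of aborting the loop.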