From 15273e4abaf8eecbf5fcdd01436c521c42bcad58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Ob=C5=AFrka?= <r.oburka@gmail.com>
Date: Fri, 22 Jul 2016 17:24:40 +0200
Subject: nginx: Upload new dhparams defined by variable

---
 roles/nginx/tasks/main.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'roles/nginx')

diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index da86af6..bb9b8b9 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -7,10 +7,24 @@
   with_items:
   - nginx
 
+- name: Upload new DH params file
+  copy:
+    src: "{{ dhparams }}"
+    dest: /etc/ssl/dh4096.pem
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart nginx
+  when: dhparams is defined
+
 - name: Generate dhparams
   command: openssl dhparam -out /etc/ssl/dh4096.pem 4096
   args:
     creates: /etc/ssl/dh4096.pem
+  notify:
+  - restart nginx
+  when: dhparams is not defined
 
 - name: Fix dhparams privileges
   file:
@@ -18,6 +32,8 @@
     owner: root
     group: root
     mode: 0644
+  notify:
+  - restart nginx
 
 - name: Deploy snippets
   template:
-- 
cgit v1.2.3