From 4cc2998facf41e1b4b64af2d32dd863b73fb7f8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?=
Date: Tue, 27 Apr 2021 19:13:35 +0200
Subject: [PATCH] Generate certificates automatically
---
 group_vars/all | 1 +
 roles/nginx/tasks/main.yml | 18 ++++++++++++++----
 roles/nginx/templates/nginx.conf.j2 | 4 ++--
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index 679d6d2..33e2a05 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,4 +1,5 @@
 base_domain: "dev.local"
+admin_email: "lukas@kucharczyk.xyz"
 server_ip: "192.168.0.107"
 data_folder: "{{ playbook_dir }}/docker-data"
 nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 5fe300d..e1257eb 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -5,13 +5,23 @@
 mode: '0755'
 loop:
 - "{{ nginx_confd_folder }}"
+- name: generate certificates
+ command: openssl req \
+ -x509 \
+ -sha256 \
+ -newkey rsa:2048 \
+ -keyout "{{ data_folder }}/nginx/{{ base_domain }}".key \
+ -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}" -out "{{ data_folder }}/nginx/{{ base_domain }}".crt \
+ -days 3650 \
+ -nodes \
 - name: copy certificates
 copy:
 src: "{{ item }}"
 dest: "{{ data_folder }}/nginx"
 loop:
- - localhost.key
- - localhost.crt
+ - "{{ data_folder }}/nginx/{{ base_domain }}.key"
+ - "{{ data_folder }}/nginx/{{ base_domain }}.crt"
 - name: copy .conf file
 template:
 src: nginx.conf.j2
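Review bot: The `command:` value of the `generate certificates` task is a plain multi-line YAML scalar, so its continuation lines are folded into a single string and the trailing backslashes stay in it; since `command` runs without a shell, those `\` characters presumably reach openssl as part of its arguments (and the `-subj` line visibly has no backslash before `-out`), so the invocation should be a `>-` folded scalar with no continuation characters at all. The task also has no `creates:` guard, so every play run regenerates the key and certificate and silently replaces whatever clients already trust. Nothing restricts the mode of the generated `.key` file, which openssl typically leaves to the process umask; a follow-up `file` task with `mode: '0600'` would close that. Finally, the reworked `copy certificates` loop now copies `{{ data_folder }}/nginx/{{ base_domain }}.key` into `{{ data_folder }}/nginx`, i.e. each file onto its own directory, which is a no-op on a local run and fails when controller and target differ, so that task can probably be dropped.

```yaml
- name: generate certificates
  command: >-
    openssl req -x509 -sha256 -newkey rsa:2048 -days 3650 -nodes
    -keyout "{{ data_folder }}/nginx/{{ base_domain }}.key"
    -out "{{ data_folder }}/nginx/{{ base_domain }}.crt"
    -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
  args:
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.crt"
- name: restrict private key permissions
  file:
    path: "{{ data_folder }}/nginx/{{ base_domain }}.key"
    mode: '0600'
# … unchanged: copy .conf file task …
```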
@@ -23,8 +33,8 @@
 image: nginx
 volumes:
 - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
- - "{{ data_folder }}/nginx/localhost.crt:/etc/nginx/localhost.crt"
- - "{{ data_folder }}/nginx/localhost.key:/etc/nginx/localhost.key"
+ - "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key"
+ - "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt"
 - "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
 ports:
 - "80:80"
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index 01dbe2e..65c9a8c 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -26,7 +26,7 @@ http {
 keepalive_timeout 65;
 #gzip on;
- ssl_certificate /etc/nginx/localhost.crt;
- ssl_certificate_key /etc/nginx/localhost.key;
+ ssl_certificate /etc/nginx/{{ base_domain }}.crt;
+ ssl_certificate_key /etc/nginx/{{ base_domain }}.key;
 include /etc/nginx/conf.d/*.conf;
 }
\ No newline at end of file