authorJohannes Stoelp <johannes.stoelp@gmail.com>2024-02-13 23:31:06 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2024-02-13 23:31:06 +0100
commit421d8d1aa0ba348eac175b49213dd19a8fd1d668 (patch)
treed7ae11cf3beeb003da826a22cf8263fc014c3f56
parent84c1a942eb3e7013de57665d4a56335481a10a80 (diff)
nginx: factor out ssl config into include
-rw-r--r--roles/webserver/files/inc/ssl.conf7
-rw-r--r--roles/webserver/files/user_conf.d/memzero.conf35
-rw-r--r--roles/webserver/tasks/main.yml2
3 files changed, 14 insertions, 30 deletions
diff --git a/roles/webserver/files/inc/ssl.conf b/roles/webserver/files/inc/ssl.conf
new file mode 100644
index 0000000..8edfcb2
--- /dev/null
+++ b/roles/webserver/files/inc/ssl.conf
@@ -0,0 +1,7 @@
+# Load the certificate files.
+ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+# Load the Diffie-Hellman parameter.
+ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
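Review bot: `ssl_trusted_certificate` on the fourth line is only consulted when nginx verifies client certificates or OCSP responses, and nothing in this include enables `ssl_stapling` or `ssl_stapling_verify`. Unless one of those is turned on in a context outside this diff, the line has no effect and could be dropped or paired with the directive that uses it. Since every server block now shares this file, it is also the natural single place to pin `ssl_protocols` and the cipher policy, if those are not already set deliberately elsewhere. A header comment such as `# Shared TLS settings, included by every server block in user_conf.d/memzero.conf.` would tell a reader that an edit here changes all vhosts at once.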
diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf
index 2038aad..ed3bd9d 100644
--- a/roles/webserver/files/user_conf.d/memzero.conf
+++ b/roles/webserver/files/user_conf.d/memzero.conf
@@ -7,12 +7,7 @@ server {
server_name memzero.de www.memzero.de;
# Load the certificate files.
- ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
-
- # Load the Diffie-Hellman parameter.
- ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ include /etc/nginx/inc/ssl.conf;
root /www/memzero;
}
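Review bot: Moving `ssl_certificate_key` out of user_conf.d into `/etc/nginx/inc/ssl.conf` is worth checking against whatever issues and renews the certificate. If the container finds certificate names by scanning the user_conf.d files for that directive, it may not follow the `include`, and renewal could stop without nginx reporting anything until the certificate expires. The `user_conf.d` and `/etc/letsencrypt/dhparams` layout suggests a certbot-wrapping image, but that is not visible here, so confirm with a renewal dry run after deploying. The retained comment above the include is also stale, since the included file loads the DH parameters as well; `# Load the shared TLS settings (certificates, DH parameters).` fits better. Both points apply equally to the blog, dav, git and notes hunks below; the server blocks start outside the hunks.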
@@ -26,12 +21,7 @@ server {
server_name blog.memzero.de;
# Load the certificate files.
- ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
-
- # Load the Diffie-Hellman parameter.
- ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ include /etc/nginx/inc/ssl.conf;
root /www/blog;
}
@@ -45,12 +35,7 @@ server {
server_name dav.memzero.de;
# Load the certificate files.
- ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
-
- # Load the Diffie-Hellman parameter.
- ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ include /etc/nginx/inc/ssl.conf;
location / {
proxy_set_header Host $host;
@@ -71,12 +56,7 @@ server {
server_name git.memzero.de;
# Load the certificate files.
- ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
-
- # Load the Diffie-Hellman parameter.
- ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ include /etc/nginx/inc/ssl.conf;
location / {
proxy_set_header Host $host;
@@ -97,12 +77,7 @@ server {
server_name notes.memzero.de;
# Load the certificate files.
- ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
-
- # Load the Diffie-Hellman parameter.
- ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ include /etc/nginx/inc/ssl.conf;
location / {
proxy_set_header Host johannst.github.io;
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index 891e962..5e8be87 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -9,6 +9,7 @@
loop:
- www
- user_conf.d
+ - inc
notify: Restart nginx
- name: Setup nginx
@@ -26,6 +27,7 @@
volumes:
# Use 'Z' to privately relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/user_conf.d:/etc/nginx/user_conf.d:ro,Z"
+ - "{{ DATA_ROOT }}/nginx/inc:/etc/nginx/inc:ro,Z"
# Use 'z' to shared-ly relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/www:/www:ro,z"