Add option to configure certs dir

2021-03-25 15:30:59 +01:00 · 2021-03-25 15:30:59 +01:00 · 51c515cf97
parent e3db997709
commit 51c515cf97
3 changed files with 7 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -16,9 +16,12 @@ This is the domain serving the API.
 ### `node_exporter_cert` 

 This specifies which domain should be used for SSL. Useful if you use wildcard
-certs. These are expected to live in `/etc/nginx/certs`.
+certs. These are expected to live in `certs_dir`.

 ### `prometheus_pass` 

 This specifies the HTTP Basic Auth password to secure the prometheus endpoint.

+### `certs_dir`
+
+Location to look for certificates
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -14,7 +14,7 @@
 - name: Place reverse proxy conf
  become: yes
  template:
-    src: files/nginx.conf
+    src: templates/nginx.conf.j2
    dest: /etc/nginx/conf.d/{{ node_exporter_domain }}.conf
  notify: Check and Reload nginx

--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@ -3,8 +3,8 @@ server {
    listen [::]:443 ssl http2;
    server_name {{ node_exporter_domain }};

-    ssl_certificate /etc/nginx/certs/{{ node_exporter_cert }}/fullchain;
-    ssl_certificate_key /etc/nginx/certs/{{ node_exporter_cert }}/key;
+    ssl_certificate {{ certs_dir }}/{{ node_exporter_cert }}/fullchain;
+    ssl_certificate_key {{ certs_dir }}/{{ node_exporter_cert }}/key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;