From 1bc80fa9ea87975b3dc1935da4dc1e17fe0cfacf Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Fri, 8 Mar 2024 13:50:45 +0100
Subject: [PATCH] Move certificate generation to after the nginx package is
 installed

This prevents a problem where the certificate role tries to restart a not yet installed nginx
---
 tasks/main.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 043be4c..0c06b23 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,18 +5,6 @@
     inventory_certs: "{{ certificates.certs|d({}) | dict2items | selectattr ('key', 'regex', '^nginx_') | items2dict }}"
     selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"
 
-- name: generate certificates for vhosts
-  include_role:
-    name: certificates
-  vars:
-    certificates:
-      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"
-
-- name: debug nginx dict
-  debug:
-    verbosity: 1
-    var: nginx
-
 - name: install nginx
   apt:
     pkg:
@@ -31,6 +19,18 @@
   - delete nginx index.nginx-debian.html
   - restart nginx
 
+- name: generate certificates for vhosts
+  include_role:
+    name: certificates
+  vars:
+    certificates:
+      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"
+
+- name: debug nginx dict
+  debug:
+    verbosity: 1
+    var: nginx
+
 - name: copy configs
   copy:
     src: config/
-- 
GitLab