use ansible dhparam module (#32)

* use ansible dhparam module
2024-11-22 15:32:01 +01:00 · 2020-08-28 12:35:52 +02:00 · 2020-08-28 12:35:52 +02:00 · e266decde8
commit e266decde8
parent 57f7a15b51
2 changed files with 6 additions and 11 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -102,7 +102,7 @@ script:
  - 'docker run --detach --volume="${PWD}":/etc/ansible/roles/ansible-nginx-hardening:ro ${run_opts} rndmh3ro/docker-${distro}-ansible:${version} "${init}" > "${container_id}"'
  # Install ansible galaxy requirements
-  - 'docker exec "$(cat ${container_id})" ansible-galaxy -c install -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/'
+  - 'docker exec "$(cat ${container_id})" ansible-galaxy install --ignore-certs -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/'
  # Test role
  - 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-nginx-hardening/tests/"${test_playbook}" -vv'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -85,15 +85,10 @@
    - "/etc/nginx/sites-enabled/default"
 - name: generate dh group
-  command: "openssl dhparam -out /etc/nginx/dh{{ nginx_dh_size }}.pem {{ nginx_dh_size }}"
+  openssl_dhparam:
-  args:
+    path: "/etc/nginx/dh{{ nginx_dh_size }}.pem"
-    creates: "/etc/nginx/dh{{ nginx_dh_size }}.pem"
+    size: "{{ nginx_dh_size }}"
-  notify: restart nginx
+    mode: '0640'
 - name: config should not be worldwide read- or writeable
  file:
    path: "/etc/nginx"
    mode: "o-rw"
    owner: "root"
    group: "root"
-    recurse: true
+  notify: restart nginx