roles/nginx: generate snakeoil cert manually

The ssl-cert does this, but it includes the hostname of the server as the subject name in the cert, which is a huge leak of privacy.
2021-09-27 10:48:24 +03:00
parent a4acc85704
commit 79b29f0c51
3 changed files with 10 additions and 12 deletions
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -16,15 +16,8 @@
    add_nginx_apt_key is changed or
    add_nginx_apt_repository is changed

- name: Set nginx packages
-  set_fact:
-    nginx_packages:
-      - nginx
-      - ssl-cert # for ssl-cert-snakeoil.pem in nginx
-  tags: nginx, packages
-
- name: Install nginx packages
-  apt: pkg={{ nginx_packages }} cache_valid_time=3600 state=present
+- name: Install nginx
+  apt: pkg=nginx cache_valid_time=3600 state=present
  tags: nginx, packages

 - name: Copy nginx.conf