[int]

2025-10-07 16:12:13 +02:00 · 2025-10-07 16:12:13 +02:00 · da1e27459f
parent c4db57b83a
commit da1e27459f
4 changed files with 30 additions and 16 deletions
--- a/roles/nginx/cfg.schema.json
+++ b/roles/nginx/cfg.schema.json
@ -0,0 +1,20 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"auto_reload_interval": {
+			"nullable": true,
+			"type": "integer",
+			"description": "in hours",
+			"default": null
+		},
+		"improved_security": {
+			"nullable": false,
+			"type": "boolean",
+			"default": false
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+	]
+}
--- a/roles/nginx/defaults/main.json
+++ b/roles/nginx/defaults/main.json
@ -1,4 +1,6 @@
 {
-	"var_nginx_auto_reload_interval": null,
-	"var_nginx_improved_security": false
+	"cfg_nginx_defaults": {
+		"auto_reload_interval": null,
+		"improved_security": false
+	}
 }
--- a/roles/nginx/tasks/main.json
+++ b/roles/nginx/tasks/main.json
@ -12,8 +12,8 @@
 	},
 	{
 		"name": "generate dhparams file",
+		"when": "cfg_nginx.improved_security",
 		"become": true,
-		"when": "var_nginx_improved_security",
 		"ansible.builtin.command": {
 			"cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
 		},
@ -23,7 +23,7 @@
 	},
 	{
 		"name": "place hardening config",
-		"when": "var_nginx_improved_security",
+		"when": "cfg_nginx.improved_security",
 		"become": true,
 		"ansible.builtin.copy": {
 			"src": "ssl-hardening.conf",
@ -61,13 +61,13 @@
 	},
 	{
 		"name": "auto reload",
-		"when": "var_nginx_auto_reload_interval == None",
+		"when": "cfg_nginx.auto_reload_interval == None",
 		"become": true,
 		"ansible.builtin.cron": {
 			"name": "nginx_auto_reload",
 			"disabled": true,
 			"minute": "0",
-			"hour": "*/{{var_nginx_auto_reload_interval | string}}",
+			"hour": "*/{{cfg_nginx.auto_reload_interval | string}}",
 			"day": "*",
 			"month": "*",
 			"weekday": "*",
@ -76,13 +76,13 @@
 	},
 	{
 		"name": "auto reload",
-		"when": "var_nginx_auto_reload_interval != None",
+		"when": "cfg_nginx.auto_reload_interval != None",
 		"become": true,
 		"ansible.builtin.cron": {
 			"name": "nginx_auto_reload",
 			"disabled": false,
 			"minute": "0",
-			"hour": "*/{{var_nginx_auto_reload_interval | string}}",
+			"hour": "*/{{cfg_nginx.auto_reload_interval | string}}",
 			"day": "*",
 			"month": "*",
 			"weekday": "*",
--- a/roles/nginx/vardef.json
+++ b/roles/nginx/vardef.json
@ -1,8 +0,0 @@
-{
-	"auto_reload_interval": {
-		"description": "in hours",
-		"nullable": true,
-		"type": "integer",
-		"mandatory": false
-	}
-}