From 42904fbaa4c3d77e524095ef0a8ba7bb03a40cb3 Mon Sep 17 00:00:00 2001
From: Dan Anglin
Date: Wed, 6 Nov 2019 22:52:46 +0000
Subject: [PATCH] refactor: Let's Encrypt location block
Removed the 'blockinfile' task and added the location block for Let's Encrypt in the Nginx config template. This bloc will be rendered if Let's encrypt support is enabled. Part of dananglin/pleroma-ansible-playbook#1
---
 roles/pleroma-nginx/tasks/main.yml | 18 ------------------
 .../templates/etc_ngnix_confd_pleroma.conf.j2 | 10 +++++++++-
 2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/roles/pleroma-nginx/tasks/main.yml b/roles/pleroma-nginx/tasks/main.yml
index da7e8bf..998cb92 100644
--- a/roles/pleroma-nginx/tasks/main.yml
+++ b/roles/pleroma-nginx/tasks/main.yml
@@ -87,24 +87,6 @@
 type: RSA
 when: pleroma.ssl.letsEncrypt.enable
-- name: Nginx -- Ensuring the location block for the ACME challenge is configured.
- blockinfile:
- path: "{{ pleroma_nginx_conf_file }}"
- state: present
- mode: '0600'
- owner: root
- group: root
- insertafter: '^\s+#\s\[\[PLACEHOLDER\sFOR\sLETS\sENCRYPT\sFOLDER\]\].*$'
- block: |2
- location ~/\.well-known/acme-challenge {
- root {{ pleroma_letsEncrypt_baseDir }}/;
- try_files $uri @forward_https;
- }
- location @forward_https {
- return 301 https://$server_name$request_uri;
- }
- when: pleroma.ssl.letsEncrypt.enable
-
 - name: Nginx -- Checking if the full chain certificate exists.
 stat:
 path: "{{ pleroma_ssl_fullChainCert }}"
diff --git a/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2 b/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
index 46a3dda..a64c4ea 100644
--- a/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
+++ b/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
@@ -7,7 +7,15 @@ server {
 listen 80;
 listen [::]:80;
- # [[PLACEHOLDER FOR LETS ENCRYPT FOLDER]]
+ {% if pleroma.ssl.letsEncrypt.enable == true -%}
+ location ~/\.well-known/acme-challenge {
+ root {{ pleroma_letsEncrypt_baseDir }}/;
+ try_files $uri @forward_https;
+ }
+ location @forward_https {
+ return 301 https://$server_name$request_uri;
+ }
+ {% endif %}
 location / {
 return 301 https://$server_name$request_uri;
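Review bot: The added `location ~/\.well-known/acme-challenge` is an unanchored regex match, so any port-80 request whose path contains that substring anywhere is resolved against `root {{ pleroma_letsEncrypt_baseDir }}/`, not only paths that begin with it. If that base directory holds anything besides challenge tokens (not visible in this patch, so to be confirmed), a prefix match such as `location ^~ /.well-known/acme-challenge/ {` together with a root dedicated to challenge files would narrow what can be read over plain HTTP. The enclosing `server` block opens and closes outside this hunk, so other directives that affect this location cannot be checked here. As a style point, `== true` in the `{% if %}` test is redundant for a boolean variable.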