Optimized nginx CSP (prop. leads to problems due to too high restrictions for some roles) and implemented health check for mailer

2025-08-29 15:06:26 +02:00 · 2025-04-30 08:19:27 +02:00
parent 858cc770ec
commit 9575ee31ff
41 changed files with 224 additions and 113 deletions
--- a/roles/nginx-https-get-cert/tasks/flavors/san.yml
+++ b/roles/nginx-https-get-cert/tasks/flavors/san.yml
@@ -21,6 +21,9 @@
    {{ '--mode-test' if mode_test | bool else '' }}
  register: certbundle_result
  changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
+  failed_when: >
+    certbundle_result.rc != 0
+    and 'too many certificates' not in certbundle_result.stderr
  when: run_once_san_certs is not defined

 - name: run the san tasks once