From dcc52b04cc7fe77161220cf2fb4e38908767bcbd Mon Sep 17 00:00:00 2001
From: Marius Melzer <marius@rasumi.net>
Date: Sat, 20 Apr 2024 13:11:26 +0200
Subject: [PATCH] Generate dhparams instead of using a checked in file

---
 roles/nginx/tasks/main.json | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/roles/nginx/tasks/main.json b/roles/nginx/tasks/main.json
index 2d9e9ed..ca205e5 100644
--- a/roles/nginx/tasks/main.json
+++ b/roles/nginx/tasks/main.json
@@ -10,11 +10,10 @@
 		}
 	},
 	{
-		"name": "place dhparams file",
-		"become": true,
-		"ansible.builtin.copy": {
-			"src": "dhparam",
-			"dest": "/etc/nginx/dhparam"
+		"name": "generate dhparams file",
+		"ansible.builtin.command": "openssl dhparam -out /etc/nginx/dhparam 4096",
+		"args": {
+			"creates": "/etc/nginx/dhparam"
 		}
 	},
 	{