# Build the effective role configuration: the role's nginx_defaults deep-merged
# with the caller-supplied `nginx` mapping (recursive=true; the caller's keys
# win on conflict). Both sides fall back to an empty mapping when unset.
- name: set nginx_cfg
  set_fact:
    nginx_cfg: '{{ nginx_defaults | default({}) | combine(nginx | default({}), recursive=true) }}'
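# Install the nginx package (plus the OpenRC service script on Alpine) through
# the shared install_packages task file; `package` is that file's input.
# A `notify: restart nginx` used to sit on this task, but `notify` is not an
# accepted keyword on include_tasks (depending on the Ansible version it is
# rejected or ignored, and an include never reports a change of its own), so
# it could never fire and was dropped. A restart on package change would need
# a notify inside tasks/install_packages.yml itself.
- name: install nginx and dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - nginx
      - alpine: nginx-openrc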
# Debian only: make sure the configured service account and group exist via
# the shared create_user task file (`user` is that file's input). On Alpine
# the nginx package is assumed to ship its own account.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: '{{ nginx_cfg.user }}'
      group: '{{ nginx_cfg.group }}'
  when:
    - ansible_distribution is defined
    - ansible_distribution == 'Debian'
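# Alpine/OpenRC (also the fallback when no facts were gathered): patch the
# stock /etc/init.d/nginx in place so it uses the role's user:group and
# config location instead of the packaged defaults. Each loop item rewrites
# one line, keeping the original indentation (\g<1>) and trailing text.
# NOTE(review): with backrefs a non-matching regexp is a silent no-op, so if a
# package update changes the stock script, nginx would quietly keep running
# with the distro defaults — consider a follow-up assert that the three
# edited lines are present.
- name: edit init script
  lineinfile:
    path: /etc/init.d/nginx
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    # backrefs makes lineinfile substitute-only; insertafter/insertbefore are
    # ignored in that mode (the former `insertafter: omit` was a literal string,
    # not the `{{ omit }}` magic value, and had no effect either way).
    backrefs: true
  loop:
    # Ownership of whatever directory the stock script prepares with checkpath.
    - regexp: '^(\s*)checkpath --directory --owner \w+:\w+(.*)$'
      line: '\g<1>checkpath --directory --owner {{ nginx_cfg.user }}:{{ nginx_cfg.group }}\g<2>'
    # Default config file path used by the script.
    - regexp: '^(\s*)cfgfile=\$\{cfgfile:\-.+\}(.*)$'
      line: '\g<1>cfgfile=${cfgfile:-{{ nginx_cfg.conf_dir }}/nginx.conf}\g<2>'
    # Start with that config; `-e /dev/null` discards nginx's pre-config error
    # log, i.e. errors raised before nginx.conf is parsed are not recorded.
    # NOTE(review): consider pointing -e at a real file so failed starts stay
    # diagnosable.
    - regexp: '^(\s*)command_args=\"(.*)\"(\s*)$'
      line: '\g<1>command_args="-c $cfgfile -e /dev/null"\g<3>'
  notify: restart nginx
  when: (ansible_distribution is not defined) or (ansible_distribution == 'Alpine')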
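# Create the config tree: conf_dir itself, custom/ for the templated server
# snippets and tls/ for certificate material. Everything is 0700 and owned by
# the configured service account.
# NOTE(review): these directories (including tls/, which later holds private
# keys) end up writable by the nginx service user. If the master process runs
# as root and only drops privileges for workers (the usual layout), the config
# tree only needs to be root-owned and root-readable; owning it as the worker
# user lets a compromised worker rewrite nginx.conf or the keys that root
# loads on the next restart. Confirm which account the master runs as before
# tightening.
- name: create nginx directories
  file:
    path: '{{ item }}'
    state: directory
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0700'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  loop:
    - '{{ nginx_cfg.conf_dir }}'
    - '{{ nginx_cfg.conf_dir }}/custom'
    - '{{ nginx_cfg.conf_dir }}/tls'
  notify: restart nginx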
# Remove the distribution-shipped pieces this role does not manage: the
# scgi/uwsgi/fastcgi param files, the modules/ include directory and http.d/.
# Dropping modules/ also means no packaged module includes are loaded unless
# nginx.j2 re-adds them (not visible here).
- name: remove unused nginx files
  file:
    path: '{{ nginx_cfg.conf_dir }}/{{ item }}'
    state: absent
  notify: restart nginx
  loop:
    - fastcgi_params
    - scgi_params
    - uwsgi_params
    - modules
    - http.d
# Drop fastcgi.conf when nothing uses it: the global nginx_cfg.fastcgi switch
# is off AND no entry in nginx_cfg.servers sets fastcgi: true. (List-form
# `when` items are ANDed.)
- name: remove fastcgi.conf if cgi is not used
  file:
    path: '{{ nginx_cfg.conf_dir }}/fastcgi.conf'
    state: absent
  when:
    - nginx_cfg.fastcgi | default(false) == false
    - (nginx_cfg.servers | default([]) | selectattr('fastcgi', 'defined') | selectattr('fastcgi', 'equalto', true) | list | length) == 0
  notify: restart nginx
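# Render the main nginx.conf from this role's nginx.j2, owner-only readable.
# NOTE(review): the file is owned by the service user; if the master process
# runs as root this file only needs to be root-owned — see the note on the
# directory task about a compromised worker rewriting config root later loads.
- name: template base nginx config
  template:
    src: nginx.j2
    dest: '{{ nginx_cfg.conf_dir }}/nginx.conf'
    force: true
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0600'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  notify: restart nginx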
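# Render fastcgi.conf only when something needs it: the global
# nginx_cfg.fastcgi switch OR at least one server entry with fastcgi: true
# (the mirror image of the removal task above).
- name: template fastcgi config if requested
  template:
    src: fastcgi.j2
    dest: '{{ nginx_cfg.conf_dir }}/fastcgi.conf'
    force: true
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0600'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  when: >-
    (nginx_cfg.fastcgi | default(false) == true)
    or ((nginx_cfg.servers | default([]) | selectattr('fastcgi', 'defined')
         | selectattr('fastcgi', 'equalto', true) | list | length) > 0)
  notify: restart nginx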
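# Render one config per entry of nginx_cfg.servers into conf_dir/custom/.
# The template/output name is item.conf when given, else item.name; an
# explicit `conf: null` opts that server out of templating.
- name: template server configs
  template:
    src: '{{ item.conf | default(item.name) }}.j2'
    dest: '{{ nginx_cfg.conf_dir }}/custom/{{ item.conf | default(item.name) }}.conf'
    force: true
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0600'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  loop: '{{ nginx_cfg.servers | default([]) }}'
  # Spelled out per case so an entry that has only `name` is never compared:
  # the former `not (item.conf == None)` evaluated `==` on an undefined
  # attribute, which Ansible's strict undefined handling raises on instead of
  # treating as false.
  when: >-
    (item.conf is defined and item.conf is not none)
    or (item.conf is not defined and item.name is defined)
  notify: restart nginx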
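# Optional catch-all/default HTTP snippet: rendered from
# <default_http_config>.j2 into conf_dir/custom/ only when the key is set.
- name: template default http config
  template:
    src: '{{ nginx_cfg.default_http_config }}.j2'
    dest: '{{ nginx_cfg.conf_dir }}/custom/{{ nginx_cfg.default_http_config }}.conf'
    force: true
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0600'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  when: nginx_cfg.default_http_config is defined
  notify: restart nginx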
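# Any additional snippet names listed in nginx_cfg.extra_configs are rendered
# from <name>.j2 into conf_dir/custom/<name>.conf.
- name: template extra configs
  template:
    src: '{{ item }}.j2'
    dest: '{{ nginx_cfg.conf_dir }}/custom/{{ item }}.conf'
    force: true
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: '0600'
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  loop: '{{ nginx_cfg.extra_configs | default([]) }}'
  notify: restart nginx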
# Optional TLS material (nginx_cfg.certs): delegate issuance/deployment of an
# ECC and an RSA certificate pair to the `certs` role, placing them under
# conf_dir/tls. `host_name` is expected from the play/inventory, not nginx_cfg.
# NOTE(review): the private keys are handed to the certs role owned by the
# nginx service user (common.owner/group). If the master process runs as root
# the keys only need to be root-readable; worker-owned keys are exposed to any
# worker compromise. Confirm the account the master runs as.
- block:
    - name: deploy certs
      include_role:
        name: certs
      vars:
        # Settings shared by both certificates, consumed by the certs role.
        common:
          owner: "{{ nginx_cfg.user }}"
          group: "{{ nginx_cfg.group }}"
          # Presumably executed by the certs role after (re)issuance so nginx
          # picks up new files — confirm against that role.
          post_hook: service nginx restart
          # NOTE(review): nested under `common`, so this is a variable passed
          # to the certs role rather than the task-level notify keyword —
          # confirm the certs role actually reads it.
          notify: restart nginx
          # must_staple takes precedence when set, else enable_stapling, else off.
          stapling: "{{ nginx_cfg.must_staple | d(nginx_cfg.enable_stapling) | d(false) }}"
          hosts: "{{ nginx_cfg.domains | d(None) }}"
        certs:
          - id: "{{ host_name ~ '-nginx-ecc' }}"
            cert: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_ecc_name }}.crt"
            key: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_ecc_name }}.key"
            ecc: yes
          - id: "{{ host_name ~ '-nginx-rsa' }}"
            cert: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_rsa_name }}.crt"
            key: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_rsa_name }}.key"
  when: nginx_cfg.certs | d(false) == true
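# Hand /var/lib/nginx (the nginx temp directory, per the task name) to the
# configured user:group, recursively, so unprivileged workers can write there.
- name: change ownership of nginx temp directory
  file:
    path: /var/lib/nginx
    state: directory
    recurse: true
    owner: '{{ nginx_cfg.user }}'
    group: '{{ nginx_cfg.group }}'
  # Always reported as unchanged; the chown is treated as housekeeping.
  # NOTE(review): this also hides real ownership drift, and a recursive chown
  # run as root over a tree the service user can write into is the classic
  # symlink-following trap — confirm the file module's symlink handling here
  # or narrow the path to the specific temp subdirectories nginx needs.
  changed_when: false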
# Run any queued "restart nginx" handler now rather than at play end,
# presumably so the service task below sees the final config already applied.
- meta: flush_handlers
  name: flush handlers
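# Make nginx start at boot and ensure it is running now (no-op if the flushed
# restart handler already brought it up).
- name: enable and start nginx
  service:
    name: nginx
    enabled: true
    state: started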