2020-11-02 04:51:35 +01:00
|
|
|
---
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Create site plain http configuration for '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2021-02-04 18:27:54 +01:00
|
|
|
src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
|
2020-11-02 04:51:35 +01:00
|
|
|
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Create site tls https configuration for '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2020-11-02 04:51:35 +01:00
|
|
|
src: 'files/nginx/sites/{{ site.name }}_tls.conf'
|
|
|
|
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Create site tls parameter configuration for '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2020-12-23 03:49:11 +01:00
|
|
|
src: 'files/nginx/snippets/tls_parameters.snippet.conf'
|
|
|
|
dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-12-23 03:49:11 +01:00
|
|
|
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Create site tls certificate configuration '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2020-12-23 03:49:11 +01:00
|
|
|
src: 'files/nginx/snippets/tls_certificate.snippet.conf'
|
|
|
|
dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Create site logging configuration '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
|
|
|
src: 'templates/nginx/snippets/logging.snippet.conf.j2'
|
2020-12-23 03:49:11 +01:00
|
|
|
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Enable site plain http configuration '{{ site.name }}'"
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-11-02 04:51:35 +01:00
|
|
|
src: '/etc/nginx/sites-available/{{ site.name }}_http'
|
|
|
|
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
|
|
|
|
state: link
|
|
|
|
when: site.http_plain_template | default(True)
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
|
|
|
# Note: done by acmetool after sucessfully obtaining a suitable certificate
|
2023-03-07 19:28:51 +01:00
|
|
|
- name: "Enable site tls configuration '{{ site.name }}'"
|
2021-02-04 18:22:01 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2021-02-04 18:22:01 +01:00
|
|
|
src: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
|
|
|
dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
|
|
|
|
state: link
|
|
|
|
notify:
|
2023-03-07 19:28:51 +01:00
|
|
|
- Run systemctl reload nginx
|
2021-02-04 18:22:01 +01:00
|
|
|
when: not nginx__acmetool_enabled
|