2020-11-02 04:51:35 +01:00
|
|
|
---
|
|
|
|
|
- name: Create '{{ site.name }}' site plain http configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2021-02-27 00:46:37 +01:00
|
|
|
src: '{{ item }}'
|
2020-11-02 04:51:35 +01:00
|
|
|
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
2021-02-27 00:46:37 +01:00
|
|
|
with_first_found:
|
|
|
|
|
- files:
|
|
|
|
|
- 'files/nginx/sites/{{ site.name }}_http.conf'
|
|
|
|
|
- 'files/nginx/sites-available/vhost_http_redirect.conf.j2'
|
2020-11-02 04:51:35 +01:00
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
|
|
|
|
- name: Create '{{ site.name }}' site tls https configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2021-02-27 00:46:37 +01:00
|
|
|
template:
|
|
|
|
|
src: '{{ item }}'
|
2020-11-02 04:51:35 +01:00
|
|
|
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
2021-02-27 00:46:37 +01:00
|
|
|
with_first_found:
|
|
|
|
|
- files:
|
|
|
|
|
- 'files/nginx/sites/{{ site.name }}_tls.conf'
|
|
|
|
|
- 'files/nginx/sites-available/vhost_tls.conf.j2'
|
2020-11-02 04:51:35 +01:00
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2020-12-23 03:49:11 +01:00
|
|
|
- name: Create '{{ site.name }}' site tls parameter configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2021-02-27 00:46:37 +01:00
|
|
|
src: '{{ item }}'
|
|
|
|
|
dest: '/etc/nginx/snippets/{{ site.name }}{{ item | basename }}'
|
2020-12-23 03:49:11 +01:00
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
2021-02-27 00:46:37 +01:00
|
|
|
with_items: "{{ lookup('hfg', 'nginx/snippets/_*_site.snippet.conf', wantlist=True) }}"
|
2020-12-23 03:49:11 +01:00
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-12-23 03:49:11 +01:00
|
|
|
|
|
|
|
|
- name: Create '{{ site.name }}' site tls certificate configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
2021-02-27 00:46:37 +01:00
|
|
|
template:
|
|
|
|
|
src: '{{ item }}'
|
|
|
|
|
dest: '/etc/nginx/snippets/{{ item | basename }}'
|
2020-12-23 03:49:11 +01:00
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
2021-02-27 00:46:37 +01:00
|
|
|
with_items: "{{ lookup('hfg', 'nginx/snippets/' + site.name + '_*_site.snippet.conf', wantlist=True) }}"
|
2020-12-23 03:49:11 +01:00
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2020-12-23 03:49:11 +01:00
|
|
|
- name: Create '{{ site.name }}' site logging configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: 'templates/nginx/snippets/logging.snippet.conf.j2'
|
2020-12-23 03:49:11 +01:00
|
|
|
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
|
|
|
|
- name: Enable '{{ site.name }}' site plain http configuration
|
2021-02-04 16:01:30 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2021-02-27 00:46:37 +01:00
|
|
|
file:
|
2020-11-02 04:51:35 +01:00
|
|
|
src: '/etc/nginx/sites-available/{{ site.name }}_http'
|
|
|
|
|
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
|
|
|
|
|
state: link
|
|
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2021-02-27 00:46:37 +01:00
|
|
|
tags:
|
|
|
|
|
- configuration
|
|
|
|
|
- nginx
|
|
|
|
|
- sites
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2021-02-27 00:46:37 +01:00
|
|
|
|
|
|
|
|
# Note: Normally done by acmetool after sucessfully obtaining a suitable certificate
|
2021-02-04 18:22:01 +01:00
|
|
|
- name: Enable '{{ site.name }}' site tls configuration
|
|
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2021-02-04 18:22:01 +01:00
|
|
|
src: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
|
|
|
|
dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
|
|
|
|
|
state: link
|
|
|
|
|
notify:
|
|
|
|
|
- systemctl reload nginx
|
2021-02-27 00:46:37 +01:00
|
|
|
when: nginx__disable_acmetool
|
|
|
|
|
tags:
|
|
|
|
|
- configuration
|
|
|
|
|
- nginx
|
|
|
|
|
- sites
|
