2020-11-02 04:51:35 +01:00
|
|
|
---
|
|
|
|
|
- name: Copy main nginx configuration file
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-10-18 00:42:23 +02:00
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: 'templates/nginx/nginx.conf.j2'
|
2020-11-02 04:51:35 +01:00
|
|
|
dest: '/etc/nginx/'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
2020-12-24 19:52:31 +01:00
|
|
|
- name: Create 'private' directory
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-12-24 19:52:31 +01:00
|
|
|
path: '/etc/nginx/private'
|
|
|
|
|
state: directory
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rwx,g=rx,o=rx'
|
|
|
|
|
|
|
|
|
|
- name: Create new dhparam of size '{{ nginx__dhparam_size }}'
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
community.crypto.openssl_dhparam:
|
2020-12-24 19:52:31 +01:00
|
|
|
path: '/etc/nginx/private/dhparam.pem'
|
|
|
|
|
size: '{{ nginx__dhparam_size | mandatory }}'
|
|
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
2020-11-02 04:51:35 +01:00
|
|
|
|
|
|
|
|
- name: Create 'sites-available' directory
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-11-02 04:51:35 +01:00
|
|
|
path: '/etc/nginx/sites-available'
|
|
|
|
|
state: directory
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rwx,g=rx,o=rx'
|
|
|
|
|
|
|
|
|
|
- name: Create 'sites-enabled' directory
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-11-02 04:51:35 +01:00
|
|
|
path: '/etc/nginx/sites-enabled'
|
|
|
|
|
state: directory
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rwx,g=rx,o=rx'
|
|
|
|
|
|
2020-11-04 06:02:00 +01:00
|
|
|
# Todo: Reconsider best practices
|
|
|
|
|
- name: Remove default site config from package installation
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-11-04 06:02:00 +01:00
|
|
|
path: '{{ item }}'
|
|
|
|
|
state: absent
|
|
|
|
|
with_items:
|
|
|
|
|
- '/etc/nginx/sites-enabled/default'
|
|
|
|
|
- '/etc/nginx/sites-available/default'
|
|
|
|
|
|
2020-11-02 04:51:35 +01:00
|
|
|
- name: Create 'snippets' directory
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.file:
|
2020-11-02 04:51:35 +01:00
|
|
|
path: '/etc/nginx/snippets'
|
|
|
|
|
state: directory
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rwx,g=rx,o=rx'
|
|
|
|
|
|
|
|
|
|
- name: Copy nginx snippet files
|
2021-02-04 13:49:56 +01:00
|
|
|
become: true
|
2021-02-06 16:23:23 +01:00
|
|
|
ansible.builtin.copy:
|
2021-02-04 14:35:47 +01:00
|
|
|
src: '{{ nginx__snippet_path }}{{ item }}'
|
2020-11-02 04:51:35 +01:00
|
|
|
dest: '/etc/nginx/snippets/{{ item }}'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
2021-02-04 14:35:47 +01:00
|
|
|
with_items: '{{ nginx__snippet_files }}'
|
2020-11-02 04:51:35 +01:00
|
|
|
notify:
|
2021-02-04 13:49:56 +01:00
|
|
|
- systemctl reload nginx
|
