move templates to template dir and implement some useful options
parent
f5de2a2056
commit
f4687d7a1f
7 changed files with 35 additions and 84 deletions
|
@ -29,3 +29,9 @@ nginx__snippet_files:
|
||||||
nginx__dhparam_size: 4096
|
nginx__dhparam_size: 4096
|
||||||
|
|
||||||
nxinx__state: 'present'
|
nxinx__state: 'present'
|
||||||
|
|
||||||
|
# disable it if you do not want a autogenerated infrastructure domain config
|
||||||
|
nginx__infrastructure_domain__enabled: true
|
||||||
|
|
||||||
|
# disable this variable if you don't want to use our acmetool role to manage tls certificates
|
||||||
|
nginx__acmetool_enabled: true
|
||||||
|
|
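Review bot: The comments on the two new defaults say only when to disable them, not what the role does once they are off. For `nginx__acmetool_enabled` this matters: judging by the `when: not nginx__acmetool_enabled` condition added to the default-site tasks in this commit, setting it to false makes the role link the default TLS site itself, so certificates presumably have to be in place by other means before the run. I would extend the comment to something like `# set to false if TLS certificates are managed outside this role; the role then enables the default TLS site itself`. The context line `nxinx__state` also looks like a misspelling of `nginx__state` and is worth checking against the place where it is read.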
|
@ -1,57 +1,42 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Create default site plain http configuration
|
- name: Create default site plain http configuration
|
||||||
template:
|
become: true
|
||||||
src: 'files/nginx/sites-available/default_http.j2'
|
ansible.builtin.template:
|
||||||
|
src: 'templates/nginx/sites-available/default_http.j2'
|
||||||
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
|
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 'u=rw,g=r,o=r'
|
mode: 'u=rw,g=r,o=r'
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create default site tls https configuration
|
- name: Create default site tls https configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/sites-available/default_tls.j2'
|
src: 'templates/nginx/sites-available/default_tls.j2'
|
||||||
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 'u=rw,g=r,o=r'
|
mode: 'u=rw,g=r,o=r'
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Enable default site plain http configuration
|
- name: Enable default site plain http configuration
|
||||||
|
become: true
|
||||||
file:
|
file:
|
||||||
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
|
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
|
||||||
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
|
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
|
||||||
state: link
|
state: link
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
# Note: Done by acmetool after sucessfully obtaining a suitable certificate
|
# Note: Done by acmetool after sucessfully obtaining a suitable certificate
|
||||||
#- name: Enable default site configuration
|
- name: Enable default site configuration
|
||||||
# file:
|
become: true
|
||||||
# src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
file:
|
||||||
# dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
|
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
||||||
# state: link
|
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
|
||||||
# notify:
|
state: link
|
||||||
# - systemctl reload nginx
|
notify:
|
||||||
# tags:
|
- systemctl reload nginx
|
||||||
# - configuration
|
when: not nginx__acmetool_enabled
|
||||||
# - nginx
|
|
||||||
# - sites
|
|
||||||
|
|
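Review bot: The re-enabled `Enable default site configuration` task is gated with `when: not nginx__acmetool_enabled`, without the `| bool` filter that the `nginx__infrastructure_domain__enabled` condition in this commit uses. If the value arrives as a string (for example via `-e nginx__acmetool_enabled=false`), it is truthy, so the task is skipped and the TLS site is never linked; `when: not (nginx__acmetool_enabled | bool)` avoids that. The comment above the task still says the step is done by acmetool, and nothing visible here checks that a certificate exists before the link is created. If `default_tls.j2` references certificate files (not shown), the reload may fail on a host without them, so a `stat` guard or an updated comment would help. Only the first task was switched to `ansible.builtin.template`; the remaining `template:` and `file:` tasks could use the fully qualified names as well.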
|
@ -9,31 +9,21 @@
|
||||||
- name: Configure nginx
|
- name: Configure nginx
|
||||||
include_tasks: nginx.yml
|
include_tasks: nginx.yml
|
||||||
|
|
||||||
- name: Start nginx webserver
|
- name: start nginx webserver
|
||||||
service:
|
ansible.builtin.systemd:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
tags:
|
|
||||||
- operation
|
|
||||||
- nginx
|
|
||||||
|
|
||||||
- name: Configure nginx default site
|
- name: configure nginx default site
|
||||||
include_tasks: default_site.yml
|
include_tasks: default_site.yml
|
||||||
tags:
|
when: nginx__infrastructure_domain__enabled | bool
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
- name: Configure nginx sites
|
- name: Configure nginx sites
|
||||||
include_tasks: single_site.yml
|
include_tasks: single_site.yml
|
||||||
with_items: '{{ nginx_sites }}'
|
with_items: '{{ nginx_sites }}'
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: site
|
loop_var: site
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
# Restart nginx before doing acme stuff
|
# Restart nginx before doing acme stuff
|
||||||
- name: Flush handlers to restart nginx now
|
- name: Flush handlers to restart nginx now
|
||||||
|
|
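Review bot: The `start nginx webserver` task now calls `ansible.builtin.systemd` but gets no `become: true`, although this commit adds `become: true` to the template and file tasks in the other task files. Unless privilege escalation is set at play level (not visible here), starting and enabling the unit will fail for an unprivileged connection user; adding `become: true` under the task name keeps the role consistent. The two renamed tasks are now lower-cased (`start nginx webserver`, `configure nginx default site`) while their neighbours keep a capital first letter, so one style throughout would read better. The final `Flush handlers to restart nginx now` task continues outside the hunk.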
|
@ -1,10 +1,8 @@
|
||||||
---
|
---
|
||||||
# TODO: Implement site config template templates
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create '{{ site.name }}' site plain http configuration
|
- name: Create '{{ site.name }}' site plain http configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/sites-available/http_plain_redirect.conf.j2'
|
src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
|
||||||
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
|
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
@ -12,13 +10,9 @@
|
||||||
#when: site.http_plain_template | default(True)
|
#when: site.http_plain_template | default(True)
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create '{{ site.name }}' site tls https configuration
|
- name: Create '{{ site.name }}' site tls https configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/sites/{{ site.name }}_tls.conf'
|
src: 'files/nginx/sites/{{ site.name }}_tls.conf'
|
||||||
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
||||||
|
@ -28,13 +22,9 @@
|
||||||
#when: not site.redirect_target | default(True)
|
#when: not site.redirect_target | default(True)
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create '{{ site.name }}' site tls parameter configuration
|
- name: Create '{{ site.name }}' site tls parameter configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/snippets/tls_parameters.snippet.conf'
|
src: 'files/nginx/snippets/tls_parameters.snippet.conf'
|
||||||
dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
|
dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
|
||||||
|
@ -43,13 +33,9 @@
|
||||||
mode: 'u=rw,g=r,o=r'
|
mode: 'u=rw,g=r,o=r'
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create '{{ site.name }}' site tls certificate configuration
|
- name: Create '{{ site.name }}' site tls certificate configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/snippets/tls_certificate.snippet.conf'
|
src: 'files/nginx/snippets/tls_certificate.snippet.conf'
|
||||||
dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
|
dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
|
||||||
|
@ -58,13 +44,9 @@
|
||||||
mode: 'u=rw,g=r,o=r'
|
mode: 'u=rw,g=r,o=r'
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
- name: Create '{{ site.name }}' site logging configuration
|
- name: Create '{{ site.name }}' site logging configuration
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: 'files/nginx/snippets/logging.snippet.conf'
|
src: 'files/nginx/snippets/logging.snippet.conf'
|
||||||
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
|
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
|
||||||
|
@ -73,13 +55,9 @@
|
||||||
mode: 'u=rw,g=r,o=r'
|
mode: 'u=rw,g=r,o=r'
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
#- name: Copy additional per site '{{ site.name }}' snippet files
|
#- name: Copy additional per site '{{ site.name }}' snippet files
|
||||||
|
# become: true
|
||||||
# template:
|
# template:
|
||||||
# src: 'files/nginx/snippets/{{ item }}'
|
# src: 'files/nginx/snippets/{{ item }}'
|
||||||
# dest: '/etc/nginx/snippets/{{ item }}'
|
# dest: '/etc/nginx/snippets/{{ item }}'
|
||||||
|
@ -95,8 +73,8 @@
|
||||||
# - nginx
|
# - nginx
|
||||||
# - sites
|
# - sites
|
||||||
|
|
||||||
|
|
||||||
- name: Enable '{{ site.name }}' site plain http configuration
|
- name: Enable '{{ site.name }}' site plain http configuration
|
||||||
|
become: true
|
||||||
file:
|
file:
|
||||||
src: '/etc/nginx/sites-available/{{ site.name }}_http'
|
src: '/etc/nginx/sites-available/{{ site.name }}_http'
|
||||||
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
|
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
|
||||||
|
@ -104,21 +82,13 @@
|
||||||
when: site.http_plain_template | default(True)
|
when: site.http_plain_template | default(True)
|
||||||
notify:
|
notify:
|
||||||
- systemctl reload nginx
|
- systemctl reload nginx
|
||||||
tags:
|
|
||||||
- configuration
|
|
||||||
- nginx
|
|
||||||
- sites
|
|
||||||
|
|
||||||
|
|
||||||
# Note: done by acmetool after sucessfully obtaining a suitable certificate
|
# Note: done by acmetool after sucessfully obtaining a suitable certificate
|
||||||
#- name: Enable '{{ site.name }}' site tls configuration
|
#- name: Enable '{{ site.name }}' site tls configuration
|
||||||
|
# become: true
|
||||||
# file:
|
# file:
|
||||||
# src: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
# src: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
||||||
# dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
|
# dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
|
||||||
# state: link
|
# state: link
|
||||||
# notify:
|
# notify:
|
||||||
# - systemctl reload nginx
|
# - systemctl reload nginx
|
||||||
# tags:
|
|
||||||
# - configuration
|
|
||||||
# - nginx
|
|
||||||
# - sites
|
|
||||||
|
|
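Review bot: The new `nginx__acmetool_enabled` switch is not honoured for per-site configurations: the `Enable '{{ site.name }}' site tls configuration` task in the last hunk stays commented out and only gains a `# become: true` line. With acmetool disabled, no visible task links `{{ site.name }}_tls` into `sites-enabled`, so those sites would serve only the plain-HTTP config. Uncommenting the task and gating it with `when: not (nginx__acmetool_enabled | bool)` would mirror what this commit does for the default site. Separately, only the `http_plain_redirect.conf.j2` source was moved to `templates/…`; the TLS, snippet and logging tasks still read from `files/nginx/…`, which is worth confirming against the files this commit actually moved. Several hunks in this file start and end in the middle of a task.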