1
0
Fork 0
mirror of https://github.com/DO1JLR/ansible_role_nginx.git synced 2024-08-16 16:19:48 +02:00

move templates to template dir and implement some useful options

This commit is contained in:
L3D 2021-02-04 16:01:30 +01:00
parent f5de2a2056
commit f4687d7a1f
Signed by: l3d
GPG key ID: CD08445BFF4313D1
7 changed files with 35 additions and 84 deletions

View file

@ -29,3 +29,9 @@ nginx__snippet_files:
nginx__dhparam_size: 4096
nxinx__state: 'present'
# disable it if you do not want a autogenerated infrastructure domain config
nginx__infrastructure_domain__enabled: true
# disable this variable if you don't want to use our acmetool role to manage tls certificates
nginx__acmetool_enabled: true

View file

@ -1,57 +1,42 @@
---
- name: Create default site plain http configuration
template:
src: 'files/nginx/sites-available/default_http.j2'
become: true
ansible.builtin.template:
src: 'templates/nginx/sites-available/default_http.j2'
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
owner: root
group: root
mode: 'u=rw,g=r,o=r'
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Create default site tls https configuration
become: true
template:
src: 'files/nginx/sites-available/default_tls.j2'
src: 'templates/nginx/sites-available/default_tls.j2'
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
owner: root
group: root
mode: 'u=rw,g=r,o=r'
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Enable default site plain http configuration
become: true
file:
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
state: link
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
# Note: Done by acmetool after sucessfully obtaining a suitable certificate
#- name: Enable default site configuration
# file:
# src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
# dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
# state: link
# notify:
# - systemctl reload nginx
# tags:
# - configuration
# - nginx
# - sites
- name: Enable default site configuration
become: true
file:
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
state: link
notify:
- systemctl reload nginx
when: not nginx__acmetool_enabled

View file

@ -9,31 +9,21 @@
- name: Configure nginx
include_tasks: nginx.yml
- name: Start nginx webserver
service:
- name: start nginx webserver
ansible.builtin.systemd:
name: nginx
state: started
enabled: yes
tags:
- operation
- nginx
enabled: true
- name: Configure nginx default site
- name: configure nginx default site
include_tasks: default_site.yml
tags:
- configuration
- nginx
- sites
when: nginx__infrastructure_domain__enabled | bool
- name: Configure nginx sites
include_tasks: single_site.yml
with_items: '{{ nginx_sites }}'
loop_control:
loop_var: site
tags:
- configuration
- nginx
- sites
# Restart nginx before doing acme stuff
- name: Flush handlers to restart nginx now

View file

@ -1,10 +1,8 @@
---
# TODO: Implement site config template templates
- name: Create '{{ site.name }}' site plain http configuration
become: true
template:
src: 'files/nginx/sites-available/http_plain_redirect.conf.j2'
src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
owner: root
group: root
@ -12,13 +10,9 @@
#when: site.http_plain_template | default(True)
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Create '{{ site.name }}' site tls https configuration
become: true
template:
src: 'files/nginx/sites/{{ site.name }}_tls.conf'
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
@ -28,13 +22,9 @@
#when: not site.redirect_target | default(True)
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Create '{{ site.name }}' site tls parameter configuration
become: true
template:
src: 'files/nginx/snippets/tls_parameters.snippet.conf'
dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
@ -43,13 +33,9 @@
mode: 'u=rw,g=r,o=r'
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Create '{{ site.name }}' site tls certificate configuration
become: true
template:
src: 'files/nginx/snippets/tls_certificate.snippet.conf'
dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
@ -58,13 +44,9 @@
mode: 'u=rw,g=r,o=r'
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
- name: Create '{{ site.name }}' site logging configuration
become: true
template:
src: 'files/nginx/snippets/logging.snippet.conf'
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
@ -73,13 +55,9 @@
mode: 'u=rw,g=r,o=r'
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
#- name: Copy additional per site '{{ site.name }}' snippet files
# become: true
# template:
# src: 'files/nginx/snippets/{{ item }}'
# dest: '/etc/nginx/snippets/{{ item }}'
@ -95,8 +73,8 @@
# - nginx
# - sites
- name: Enable '{{ site.name }}' site plain http configuration
become: true
file:
src: '/etc/nginx/sites-available/{{ site.name }}_http'
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
@ -104,21 +82,13 @@
when: site.http_plain_template | default(True)
notify:
- systemctl reload nginx
tags:
- configuration
- nginx
- sites
# Note: done by acmetool after sucessfully obtaining a suitable certificate
#- name: Enable '{{ site.name }}' site tls configuration
# become: true
# file:
# src: '/etc/nginx/sites-available/{{ site.name }}_tls'
# dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
# state: link
# notify:
# - systemctl reload nginx
# tags:
# - configuration
# - nginx
# - sites