
---
# - name: add apt key
# apt_key:
# url: https://nginx.org/keys/nginx_signing.key
# state: present
# when: ansible_lsb.id == "Debian" and ansible_lsb.codename != "bullseye"
# tags:
# - packages
# - name: add repo for debian (except bullseye)
# apt_repository:
# repo: "deb http://nginx.org/packages/mainline/debian {{ ansible_distribution_release }} nginx"
# state: present
# update_cache: yes
# when: ansible_lsb.id == "Debian" and ansible_lsb.codename != "bullseye"
# tags:
# - packages
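- name: install nginx
  # NOTE(review): `state: latest` upgrades these packages on every run, so the
  # installed versions are not reproducible across hosts; `present` plus a
  # deliberate upgrade task is the usual alternative when that matters.
  apt:
    name:
      - nginx
      - nginx-full
      - libnginx-mod-http-fancyindex
      - uwsgi
      - uwsgi-plugin-python3
      - apache2-utils
      - wwwsudois
    update_cache: true
    state: latest
  environment:
    PATH: "{{ ansible_env.PATH }}:/sbin:/usr/sbin"
  # `| bool` so that the string form passed on the command line
  # (-e skip_apt=false) is not treated as a truthy non-empty string,
  # which would silently skip the install.
  when: not (skip_apt | default(false) | bool)
  tags:
    - packages
    - wwwsudois
    - www.sudo.is
    - apt.sudo.is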
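- name: make cache dir
  # Cache directory is private to the worker user (www-data); nothing else
  # needs to read it.
  file:
    state: directory
    path: /var/cache/nginx
    owner: www-data
    group: root
    # quoted so the mode reaches the module as a string and does not depend
    # on the YAML 1.1 leading-zero octal rule of the parser in use
    mode: "0700"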
# - name: create dh file
# command: openssl dhparam -out /etc/nginx/dhparam.pem 4096
# args:
# creates: /etc/nginx/dhparam.pem
- name: remove default vhost boilerplate
  # Drop the stock sites-enabled/default shipped by the package so only the
  # vhosts managed below stay enabled.
  file:
    state: absent
    path: /etc/nginx/sites-enabled/default
  tags:
    - nginx-default-vhost
  notify: reload nginx
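- name: template conf.d files
  # Snippets dropped into conf.d; each source template is named after its
  # destination file plus a .j2 suffix.
  template:
    src: "{{ item }}.j2"
    dest: "/etc/nginx/conf.d/{{ item }}"
  with_items:
    - uploadsize.conf
  # 'nginx-conf' was listed twice in the tag list
  tags:
    - nginx-conf
  notify: reload nginx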
- name: template config files
  # Top-level nginx config and the files it includes, all rendered from
  # templates named <file>.j2. NOTE(review): the reload handler applies
  # whatever was rendered; nginx.conf itself could be checked with
  # `validate: nginx -t -c %s`, but the other entries look like include
  # snippets that would not pass a standalone check — confirm before adding.
  template:
    src: '{{ item }}.j2'
    dest: '/etc/nginx/{{ item }}'
  loop:
    - nginx.conf
    - require_auth.conf
    - require_auth_proxy.conf
    - authelia_internal.conf
    - listen-proxy-protocol.conf
    - sudo-known.conf
    - well-known.conf
  notify: reload nginx
  tags:
    - nginx-conf
    - authelia-nginx
    - well-known
    - nginx-well-known
    - gitea-nginx
- name: template default index.html
  # Landing page served by the default vhost; no handler needed, nginx
  # serves the file as-is on the next request.
  template:
    dest: /var/www/html/index.html
    src: index.html.j2
- name: template default vhosts
  # Single rendered file holding the default server blocks.
  template:
    dest: /etc/nginx/sites-enabled/00-default
    src: 00-default.j2
  tags:
    - nginx-config
    - nginx-default-vhost
  notify: reload nginx
- name: cleanup
  # Older split http/https default vhost files, superseded by 00-default.
  file:
    state: absent
    path: '/etc/nginx/sites-enabled/{{ item }}'
  loop:
    - 00-default-http
    - 00-default-https
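- name: cleanup for www role
  # Removes the legacy www vhost and its certificate directory; only runs
  # when nginx_cleanup is explicitly enabled.
  file:
    path: "{{ item }}"
    state: absent
  # `default(false) | bool`: skip cleanly when the variable is unset, and
  # accept the string form passed via -e nginx_cleanup=true, which the
  # previous `== true` comparison rejected.
  when: nginx_cleanup | default(false) | bool
  with_items:
    - /etc/nginx/sites-enabled/01-sudo.is.conf
    - "/usr/local/etc/certs/www.{{ domain }}"
  notify: reload nginx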
- name: template default proxy vhosts (if any)
  # Rendered only when the inventory defines nginx_vhost_proxies.
  template:
    dest: /etc/nginx/sites-enabled/01-proxy-vhosts
    src: vhost-proxy.j2
  when: nginx_vhost_proxies is defined
  notify: reload nginx
  tags:
    - nginx-config
    - nginx-vhosts
    - nginx-vhost-proxies
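- name: copy vhosts (specific roles copy/template their own)
  # Static vhost files listed in nginx_vhosts are copied verbatim from the
  # role's files directory; an empty or unset list is a no-op.
  copy:
    src: "{{ item }}"
    # basename keeps every file directly under sites-enabled even when an
    # entry in nginx_vhosts carries a directory component
    dest: "/etc/nginx/sites-enabled/{{ item | basename }}"
  with_items: "{{ nginx_vhosts | default([]) }}"
  tags: nginx-config
  notify: reload nginx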
- name: start and enable nginx
  # Ensure the unit is running now and comes back after a reboot.
  service:
    state: started
    enabled: true
    name: nginx
- name: telegraf file
  # Telegraf input definition for nginx; telegraf needs a restart to load it.
  template:
    dest: /etc/telegraf/telegraf.d/nginx.conf
    src: telegraf-nginx.conf.j2
  tags:
    - telegraf
  notify:
    - restart telegraf
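- name: template filebeat config
  # Filebeat input for the nginx logs, owned by root and world-readable.
  template:
    src: filebeat-nginx.yml.j2
    dest: "/etc/filebeat/inputs.d/nginx.yml"
    owner: root
    group: root
    # quoted so the mode reaches the module as a string and does not depend
    # on the YAML 1.1 leading-zero octal rule of the parser in use
    mode: "0644"
  tags:
    - filebeat
    - filebeat-nginx
  notify: restart filebeat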