From 630a536c7fe52df7297c4b559fed58b593ce315c Mon Sep 17 00:00:00 2001 From: nd Date: Sat, 17 Jul 2021 01:41:43 +0200 Subject: [PATCH] fix linter --- defaults/main.yml | 5 +++++ tasks/main.yml | 52 ++++++++++++++++++++++------------------------- tasks/php-fpm.yml | 18 ++++++++++------ 3 files changed, 41 insertions(+), 34 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index d4cbf07..4479272 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -55,3 +55,8 @@ nginx_forcessl_vhost: - match: '/' custom: - return 301 https://$host$request_uri + +phpinidefault: + post_max_size: 64M + upload_max_filesize: 64M + memory_limit: 128M diff --git a/tasks/main.yml b/tasks/main.yml index 2d36610..92d764c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,16 +1,19 @@ --- -- set_fact: +- name: store nginx vars + set_fact: nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}" inventory_certs: "{{ certificates.certs|d({}) }}" selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}" -- include_role: +- name: generate certificates for vhosts + include_role: name: certificates vars: certificates: certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}), nginx_certs, inventory_certs, recursive=True) }}" -- debug: +- name: debug nginx dict + debug: verbosity: 1 var: nginx @@ -38,34 +41,24 @@ template: src: ssl_files.conf.j2 dest: /etc/nginx/conf.d/ssl_files.conf + owner: root + group: root + mode: 0644 notify: - restart nginx -- name: execute dns template +- name: execute templates + loop: + - dns.conf + - upstreams.conf + - proxy.conf + - maps.conf template: - src: dns.conf.j2 - dest: /etc/nginx/conf.d/dns.conf - notify: - - restart nginx - -- name: execute upstream template - template: - src: upstreams.conf.j2 - dest: /etc/nginx/conf.d/upstreams.conf - notify: - - restart nginx - -- name: execute proxy template - template: - src: proxy.conf.j2 - dest: /etc/nginx/conf.d/proxy.conf - notify: - - restart nginx - -- name: execute maps template - template: - src: maps.conf.j2 - dest: /etc/nginx/conf.d/maps.conf + src: "{{ item }}.j2" + dest: "/etc/nginx/conf.d/{{ item }}" + owner: root + group: root + mode: 0644 notify: - restart nginx @@ -73,6 +66,9 @@ template: src: vhost.conf.j2 dest: "/etc/nginx/sites-available/{{ item.key }}" + owner: root + group: root + mode: 0644 with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}), nginx.vhosts, recursive=True) }}" notify: - restart nginx @@ -93,7 +89,7 @@ copy: src: monitoring dest: /etc/nginx/sites-available/nginx-status - mode: 0755 + mode: 0644 notify: - restart nginx diff --git a/tasks/php-fpm.yml b/tasks/php-fpm.yml index 820e2a9..7aa989c 100644 --- a/tasks/php-fpm.yml +++ b/tasks/php-fpm.yml @@ -35,6 +35,9 @@ copy: src: php-fpm/snippet-php dest: /etc/nginx/snippets/php + owner: root + group: root + mode: 0644 notify: - reload nginx @@ -42,6 +45,9 @@ template: src: php-fpm/upstream-php.conf.j2 dest: /etc/nginx/conf.d/php.conf + owner: root + group: root + mode: 0644 notify: - reload nginx @@ -49,22 +55,22 @@ template: dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf" src: php-fpm/www.conf.j2 + owner: root + group: root mode: 0644 notify: - restart php-fpm -- set_fact: - phpinidefault: - post_max_size: 64M - upload_max_filesize: 64M - memory_limit: 128M -- set_fact: +- name: apply php ini defaults + set_fact: phpini: "{{ phpinidefault|combine( {} if (nginx.php == True) else nginx.php.ini|d({}) ) }}" - name: copy php-fpm php.ini template: dest: "/etc/php/{{ php_version }}/fpm/php.ini" src: php-fpm/php.ini.j2 + owner: root + group: root mode: 0644 notify: - restart php-fpm