---
# Collect the certificate definitions that are handed to the certificates role
# in the following task.
- name: store nginx vars
  set_fact:
    # Certificates derived from the configured vhosts. The
    # nginx_vhosts_to_certificates filter is not a stock Ansible filter;
    # presumably it ships with this role — confirm.
    nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
    # Entries of certificates.certs (an empty dict when undefined) whose key
    # matches the regex ^nginx_.
    inventory_certs: "{{ certificates.certs|d({}) | dict2items | selectattr ('key', 'regex', '^nginx_') | items2dict }}"
    # Text of a one-entry mapping keyed by this host's inventory name with the
    # selfsigned backend. It is stored as a string and parsed with from_yaml by
    # the consumer.
    # NOTE(review): the hostname is interpolated into text that is parsed
    # afterwards, so a hostname containing a quote character would break the
    # parse.
    selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"
# Run the certificates role with a merged certificate map.
- name: generate certificates for vhosts
  include_role:
    name: certificates
  vars:
    certificates:
      # Recursive merge, in this order: the self-signed host certificate (only
      # when nginx.snakeoil_default is truthy), the vhost-derived certificates,
      # then the nginx_* inventory certificates. With combine, later arguments
      # take precedence on conflicting keys.
      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}), nginx_certs, inventory_certs, recursive=True) }}"
# Print the whole nginx variable; shown only when the run uses -v or higher.
# NOTE(review): if the nginx dict carries secrets (not visible from this file),
# they end up in the run output and any log that captures it — confirm.
- name: debug nginx dict
  debug:
    var: nginx
    verbosity: 1
# Install nginx, the dynamic modules used by this role, goaccess and the GeoIP
# database from the distribution's apt repositories.
- name: install nginx
  apt:
    pkg:
      - nginx
      - libnginx-mod-http-headers-more-filter
      - libnginx-mod-stream
      - libnginx-mod-http-geoip
      - libnginx-mod-http-fancyindex
      - goaccess
      - geoip-database
  # Both handlers are defined outside this file and fire only when the package
  # set actually changed.
  notify:
    - delete nginx index.nginx-debian.html
    - restart nginx
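# Copy the role's static config tree into /etc/nginx. The trailing slash on src
# copies the directory's contents rather than the directory itself.
- name: copy configs
  copy:
    src: config/
    dest: /etc/nginx/
    owner: root
    group: root
    # Modes are quoted so they reach the module as octal strings and do not
    # depend on how the YAML parser types a bare 0644 / 0755.
    mode: "0644"
    directory_mode: "0755"
  notify:
    - restart nginx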
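# Render ssl_files.conf.j2 into conf.d. The template body is not visible here.
- name: execute ssl template
  template:
    src: ssl_files.conf.j2
    dest: /etc/nginx/conf.d/ssl_files.conf
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string regardless of YAML
    # integer typing.
    mode: "0644"
  notify:
    - restart nginx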
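# Render each listed conf.d file from the template named <item>.j2.
- name: execute templates
  template:
    src: "{{ item }}.j2"
    dest: "/etc/nginx/conf.d/{{ item }}"
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string regardless of YAML
    # integer typing.
    mode: "0644"
  loop:
    - dns.conf
    - upstreams.conf
    - proxy.conf
    - maps.conf
  notify:
    - restart nginx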
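# Render one sites-available file per vhost. The vhost set is nginx.vhosts,
# recursively merged over nginx_forcessl_vhost (defined outside this file) when
# nginx.force_ssl is truthy.
# NOTE(review): item.key is used verbatim as the file name, so a vhost key
# containing a path separator would land outside sites-available; keep vhost
# keys to plain names.
- name: create nginx vhosts
  template:
    src: vhost.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}"
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string regardless of YAML
    # integer typing.
    mode: "0644"
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}), nginx.vhosts, recursive=True) }}"
  notify:
    - restart nginx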
# Symlink every vhost from sites-available into sites-enabled. The loop
# expression is the same one the vhost-creation task iterates over, so both
# tasks see the same vhost keys.
- name: enable nginx vhosts
  file:
    state: link
    path: "/etc/nginx/sites-enabled/{{ item.key }}"
    src: "/etc/nginx/sites-available/{{ item.key }}"
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}), nginx.vhosts, recursive=True) }}"
  notify:
    - restart nginx
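# Render one file per entry of nginx.streams into /etc/nginx/streams.
# Presumably that directory is included from the main nginx config, which is
# what "enable" refers to — confirm.
- name: create and enable nginx streams
  template:
    src: stream.conf.j2
    dest: "/etc/nginx/streams/{{ item.key }}"
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string regardless of YAML
    # integer typing.
    mode: "0644"
  with_dict: "{{ {}|combine(nginx.streams, recursive=True) }}"
  notify:
    - restart nginx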
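# Remove the distribution's default site from sites-enabled so that only the
# vhosts managed by this role are served.
- name: delete nginx default config
  # Native YAML arguments instead of the key=value string form.
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  # A running nginx keeps serving the default site until it is restarted, so
  # notify the handler like every other config-changing task in this file.
  notify:
    - restart nginx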
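# Install the status site definition from the role file "monitoring".
# NOTE(review): the content of that file is not visible here; confirm it limits
# the status endpoint to localhost or the monitoring hosts.
- name: copy nginx status config
  copy:
    src: monitoring
    dest: /etc/nginx/sites-available/nginx-status
    # Explicit ownership, matching the other config files this role writes.
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string regardless of YAML
    # integer typing.
    mode: "0644"
  notify:
    - restart nginx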
# Enable the status site by linking it from sites-available into
# sites-enabled.
- name: activate nginx status config
  file:
    state: link
    src: /etc/nginx/sites-available/nginx-status
    path: /etc/nginx/sites-enabled/nginx-status
  notify:
    - restart nginx
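# Pull in the PHP-FPM tasks only when nginx.php is truthy.
# Named so the include shows up with a label in run output, like the other
# tasks in this file.
- name: include php-fpm tasks
  include_tasks: php-fpm.yml
  when: nginx.php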