@ -6,6 +6,39 @@
service_packages:
- nginx
- name : install letsencrypt dependencies
apt:
name : "{{ item }}"
state : present
update_cache : yes
cache_valid_time : 3600
with_items : "{{ letsencrypt_requirements }}"
when : letsencrypt|bool
- name : provision directories for site specific configurations
file:
path : /etc/nginx/{{ item }}
state : directory
owner : root
group : root
mode : 0755
with_items:
- "sites-available"
- "sites-enabled"
- name : provision letsencrypt challenge folder
file:
path : "{{ letsencrypt_challenge_webroot }}/.well-known/acme-challenge"
state : directory
owner : root
group : root
mode : 0755
when : letsencrypt|bool
- name : upload nginx configuration
template:
src : nginx.conf.j2
dest : /etc/nginx/nginx.conf
- name : disable nginx default configuration
file:
path : /etc/nginx/sites-enabled/default
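Review bot: Both new `file` tasks (the `sites-available`/`sites-enabled` loop and the acme-challenge folder) pass `mode : 0755` as a bare YAML number, so the resulting permissions depend on the parser treating the leading zero as octal. Quoting it as `mode : "0755"` keeps the value a string and avoids a wrong mode if the zero is ever dropped. The `upload nginx configuration` template task sets no `owner`, `group` or `mode`, so the permissions on `/etc/nginx/nginx.conf` are left to defaults; stating them (for example `owner : root`, `group : root`, `mode : "0644"`) would make them explicit. The +/- markers are lost on this page, so it is not certain that task is new, and the final `disable nginx default configuration` task continues past the end of the hunk.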
@ -33,16 +66,69 @@
- enable nginx configuration
- restart nginx
- name : add nginx configurations
- name : add nginx configuration custom template s
template:
src : "roles/{{ parent_role_path }}/templates/{{ item }}.conf.nginx.j2"
dest : /etc/nginx/sites-available/{{ item }}.conf
dest : "/etc/nginx/sites-available/{{ item }}.conf"
with_items : "{{ config_names }}"
when : config_names is defined and item|bool
- name : enable nginx configurations
- name : enable nginx configuration custom template s
file:
src : "/etc/nginx/sites-available/{{ item }}.conf"
dest : "/etc/nginx/sites-enabled/{{ item }}.conf"
state : link
with_items : "{{ config_names }}"
when : config_names is defined and item|bool
notify : restart nginx
- name : generate nginx configurations from standard template
template:
src : site.j2
dest : "/etc/nginx/sites-available/{{ item.server.file_name }}"
with_items : "{{ nginx_sites }}"
when : nginx_sites is defined and nginx_sites
register : nginx_gen_conf
notify : restart nginx
- name : disable ssl configurations with pending cert issuing
file:
path : "/etc/nginx/sites-enabled/{{ item.item.server.file_name }}"
state : absent
with_items : "{{ nginx_gen_conf.results }}"
when:
- item | changed
- item.item.letsencrypt is defined
- name : enable nginx configurations used for letsencrypt challenge
file:
path : "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
state : link
src : "/etc/nginx/sites-available/{{ item.server.file_name }}"
with_items : "{{ nginx_sites }}"
when : letsencrypt|bool and item.use_for_challenge is defined and item.use_for_challenge|bool and nginx_sites is defined and nginx_sites
- name : restart nginx to start enabled configurations used for letsencrypt
service:
name : nginx
state : restarted
when : letsencrypt|bool
- name : provision letsencrypt account private key
openssl_privatekey:
path : "{{ letsencrypt_account_key }}"
when : letsencrypt|bool
- name : provision ssl cert/key(s) with letsencrypt
include : letsencrypt.yaml
with_items : "{{ nginx_sites }}"
when : letsencrypt|bool and item.letsencrypt is defined and nginx_sites is defined and nginx_sites
- name : enable nginx configuration generated from standard template
file:
path : "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
state : link
src : "/etc/nginx/sites-available/{{ item.server.file_name }}"
with_items : "{{ nginx_sites }}"
when : nginx_sites is defined and nginx_sites
notify : restart nginx
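Review bot: The `provision letsencrypt account private key` task gives `openssl_privatekey` only a `path`, so the owner, group and mode of the ACME account key are left to module defaults. Since that key authorises certificate operations for the account, state them explicitly, e.g. `owner : root`, `group : root`, `mode : "0600"`. Separately, the `restart nginx to start enabled configurations used for letsencrypt` task restarts the service on every run where `letsencrypt` is true, and nothing in the hunk tests the freshly rendered `site.j2` output first. A `command : nginx -t` task with `changed_when : false` placed before that restart would stop a bad template from taking the server down. The `disable ssl configurations with pending cert issuing` step also removes the enabled link before issuance, so if `letsencrypt.yaml` fails the site presumably stays disabled; worth confirming that is intended.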