Playbooks to a new Lilik

---
# Include the shared service.yaml task file with nginx as the service name
# and package list. What service.yaml does with these vars is not shown here.
- include: service.yaml
  # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485
  vars:
    service_name: nginx
    service_packages:
      - nginx
# Install the packages listed in letsencrypt_requirements, but only on hosts
# where the letsencrypt switch is enabled.
- name: install letsencrypt dependencies
  when: letsencrypt | bool
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
    # Reuse the apt cache if it was refreshed within the last hour.
    cache_valid_time: 3600
  with_items: "{{ letsencrypt_requirements }}"
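# Create the sites-available / sites-enabled directories, owned by root.
- name: provision directories for site specific configurations
  file:
    path: "/etc/nginx/{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so the mode is always read as the octal string "0755" and never
    # re-typed by the YAML parser as a decimal integer.
    mode: "0755"
  with_items:
    - "sites-available"
    - "sites-enabled"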
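# Create the ACME HTTP-01 challenge directory under the configured webroot.
# It is root-owned and world-readable so that only root can place challenge
# files while the web server can still serve them.
- name: provision letsencrypt challenge folder
  file:
    path: "{{ letsencrypt_challenge_webroot }}/.well-known/acme-challenge"
    state: directory
    owner: root
    group: root
    # Quoted so the mode is always handled as the octal string "0755".
    mode: "0755"
  when: letsencrypt | bool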
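# Render the main nginx.conf from the role template.
- name: upload nginx configuration
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    # Explicit ownership and mode: without them the result depends on the
    # remote umask and on whatever file already exists at dest.
    owner: root
    group: root
    mode: "0644"
  # A changed main configuration only takes effect after nginx is restarted;
  # the other configuration tasks in this file notify the same handler.
  notify: restart nginx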
# Remove the "default" entry from sites-enabled so only the sites managed
# by this role are served.
- name: disable nginx default configuration
  notify: restart nginx
  file:
    state: absent
    path: /etc/nginx/sites-enabled/default
# Install php-fpm only when the php switch is enabled.
- name: install php-fpm
  when: php | bool
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
    # Reuse the apt cache if it was refreshed within the last hour.
    cache_valid_time: 3600
  with_items:
    - php-fpm
  notify:
    - restart nginx
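# Render the reverse-proxy site configuration when this host acts as a proxy.
- name: upload nginx proxy configuration
  template:
    src: proxy_nginx.j2
    dest: "/etc/nginx/sites-available/{{ config_name }}"
    # Explicit ownership and mode so the file is never left writable by a
    # non-root account because of the remote umask or a pre-existing file.
    owner: root
    group: root
    mode: "0644"
  when: is_proxy | bool
  notify:
    - enable nginx configuration
    - restart nginx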
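# Render one site configuration per entry of config_names, using a template
# shipped by the parent role.
# NOTE(review): `item | bool` is only true for strings such as 'yes', 'true'
# or '1'; if config_names holds plain file names this condition skips every
# entry. Confirm the intended check (for example a non-empty test).
# NOTE(review): parent_role_path and each item are interpolated into file
# paths on both the controller and the target; presumably they come from
# trusted inventory. Verify against the callers of this role.
- name: add nginx configuration custom templates
  template:
    src: "roles/{{ parent_role_path }}/templates/{{ item }}.conf.nginx.j2"
    dest: "/etc/nginx/sites-available/{{ item }}.conf"
    # Explicit ownership and mode instead of relying on the remote umask.
    owner: root
    group: root
    mode: "0644"
  # default([]) makes the loop empty when config_names is undefined; the loop
  # expression is evaluated before `when`, so the `is defined` guard alone
  # does not protect it.
  with_items: "{{ config_names | default([]) }}"
  when:
    - config_names is defined
    - item | bool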
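# Symlink each custom site configuration from sites-available into
# sites-enabled.
# NOTE(review): `item | bool` is only true for strings such as 'yes', 'true'
# or '1'. Confirm this is the intended per-item check.
- name: enable nginx configuration custom templates
  file:
    src: "/etc/nginx/sites-available/{{ item }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ item }}.conf"
    state: link
  # default([]) makes the loop empty when config_names is undefined; the loop
  # expression is evaluated before `when`.
  with_items: "{{ config_names | default([]) }}"
  when:
    - config_names is defined
    - item | bool
  notify: restart nginx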
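# Render one site configuration per nginx_sites entry from the generic
# site.j2 template. The per-item results are registered so a later task can
# tell which files actually changed.
- name: generate nginx configurations from standard template
  template:
    src: site.j2
    dest: "/etc/nginx/sites-available/{{ item.server.file_name }}"
    # Explicit ownership and mode instead of relying on the remote umask.
    owner: root
    group: root
    mode: "0644"
  # default([]) makes the loop empty when nginx_sites is undefined; the loop
  # expression is evaluated before `when`.
  with_items: "{{ nginx_sites | default([]) }}"
  when: nginx_sites is defined and nginx_sites
  register: nginx_gen_conf
  notify: restart nginx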
# Take every site whose generated configuration changed and which declares a
# letsencrypt section out of sites-enabled, as its certificate is still
# pending.
# NOTE(review): `item | changed` uses a test as a filter, which newer Ansible
# releases no longer accept. `item is changed` is the replacement once the
# minimum supported Ansible version allows it.
- name: disable ssl configurations with pending cert issuing
  with_items: "{{ nginx_gen_conf.results }}"
  when:
    - item | changed
    - item.item.letsencrypt is defined
  file:
    state: absent
    path: "/etc/nginx/sites-enabled/{{ item.item.server.file_name }}"
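# Enable only the sites flagged use_for_challenge, so the ACME challenge
# path can be served before the certificates exist.
- name: enable nginx configurations used for letsencrypt challenge
  file:
    path: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
    state: link
    src: "/etc/nginx/sites-available/{{ item.server.file_name }}"
  # default([]) makes the loop empty when nginx_sites is undefined; the loop
  # expression is evaluated before `when`.
  with_items: "{{ nginx_sites | default([]) }}"
  # List entries are AND-ed in order, same as the original one-line condition.
  when:
    - letsencrypt | bool
    - item.use_for_challenge is defined
    - item.use_for_challenge | bool
    - nginx_sites is defined
    - nginx_sites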
# Restart nginx immediately (not through a handler) so the challenge sites
# enabled above are live before certificates are requested.
- name: restart nginx to start enabled configurations used for letsencrypt
  when: letsencrypt | bool
  service:
    state: restarted
    name: nginx
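# Generate the ACME account private key if it does not exist yet.
- name: provision letsencrypt account private key
  openssl_privatekey:
    path: "{{ letsencrypt_account_key }}"
    # Whoever can read this key can act as the ACME account, so pin the file
    # to root-only access explicitly instead of relying on module defaults.
    owner: root
    group: root
    mode: "0600"
  when: letsencrypt | bool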
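# Run the letsencrypt.yaml task file once per site that declares a
# letsencrypt section.
# NOTE(review): looping over a bare `include` is deprecated in newer Ansible
# in favour of include_tasks. Confirm the targeted Ansible version before
# switching.
- name: provision ssl cert/key(s) with letsencrypt
  include: letsencrypt.yaml
  # default([]) makes the loop empty when nginx_sites is undefined; the loop
  # expression is evaluated before `when`.
  with_items: "{{ nginx_sites | default([]) }}"
  # List entries are AND-ed in order, same as the original one-line condition.
  when:
    - letsencrypt | bool
    - item.letsencrypt is defined
    - nginx_sites is defined
    - nginx_sites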
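# Symlink every generated site configuration into sites-enabled; this
# re-enables the sites that were disabled while their certificate was pending.
- name: enable nginx configuration generated from standard template
  file:
    path: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
    state: link
    src: "/etc/nginx/sites-available/{{ item.server.file_name }}"
  # default([]) makes the loop empty when nginx_sites is undefined; the loop
  # expression is evaluated before `when`.
  with_items: "{{ nginx_sites | default([]) }}"
  when: nginx_sites is defined and nginx_sites
  notify: restart nginx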