1
0
IaC/ansible/roles/nginx/tasks/main.yaml

113 lines
2.6 KiB
YAML
Raw Normal View History

2024-04-20 13:04:17 +00:00
- name: Install nginx package (Archlinux)
when: ansible_facts['os_family'] == "Archlinux"
community.general.pacman:
name:
- nginx
state: present
update_cache: true
2024-04-21 13:37:46 +00:00
- name: Create config dirs
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0775"
loop:
- /etc/nginx/sites-available
- /etc/nginx/sites-enabled
- /etc/nginx/conf.d
- /etc/nginx/ssl
- name: Copy the ssl configuration
ansible.builtin.copy:
src: ssl.conf
dest: /etc/nginx/ssl/ssl.conf
owner: root
group: root
mode: "0644"
notify: Restart nginx
- name: Generate dhparams
ansible.builtin.command:
argv:
- openssl
- dhparam
- -dsaparam
- -outform
- PEM
- -out
- /etc/nginx/ssl/dhparams.pem
- 4096
creates: /etc/nginx/ssl/dhparams.pem
notify: Restart nginx
# - name: Generate dhparams (alternative)
# community.crypto.openssl_dhparam:
# group: root
# mode: "0644"
# owner: root
# path: /etc/nginx/ssl/dhparams.pem
# size: 4096
# state: present
- name: Set permissions on dhparams
ansible.builtin.file:
path: /etc/nginx/ssl/dhparams.pem
owner: root
group: root
mode: "0644"
notify: Restart nginx
- name: Template out nginx base config
ansible.builtin.template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: "0644"
notify: Restart nginx
2024-04-22 12:49:49 +00:00
- name: Template out nginx reverse proxy configs
ansible.builtin.template:
src: nginx-proxy.conf.j2
dest: /etc/nginx/sites-available/{{ item.name }}.conf
owner: root
group: root
mode: "0644"
loop: "{{ nginx_sites }}"
when: item.type == "proxy"
notify: Restart nginx
2024-04-21 13:37:46 +00:00
- name: Template out nginx site configs
ansible.builtin.template:
2024-04-22 12:49:49 +00:00
src: nginx-site.conf.j2
2024-04-21 13:37:46 +00:00
dest: /etc/nginx/sites-available/{{ item.name }}.conf
owner: root
group: root
mode: "0644"
loop: "{{ nginx_sites }}"
2024-04-22 12:49:49 +00:00
when: item.type == "site"
2024-04-21 13:37:46 +00:00
notify: Restart nginx
- name: Enable site configs
ansible.builtin.file:
path: /etc/nginx/sites-enabled/{{ item.name }}.conf
src: /etc/nginx/sites-available/{{ item.name }}.conf
state: link
loop: "{{ nginx_sites }}"
notify: Restart nginx
- name: Run certbot role to install certificates
ansible.builtin.include_role:
name: certbot
vars:
certbot_domains: "{{ nginx_sites | map(attribute='name') }}"
certbot_notify: "Restart nginx"
- name: Start and enable nginx
ansible.builtin.service:
name: nginx
state: started
enabled: true