jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
94dfe36c46
ansible-playbooks/roles/nginx/tasks/main.yml
Clément Désiles 787c171f65
feat: new services and fixes
2025-12-20 20:52:24 +01:00

161 lines
3.9 KiB
YAML
Raw Blame History

---
- name: Load OS-specific variables
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_facts['os_family'] }}.yml"
- debian.yml
- name: Set nginx_user if not already set
ansible.builtin.set_fact:
nginx_user: "{{ nginx_user | default('www-data') }}"
- name: Add Nginx official APT signing key (Debian/Ubuntu)
ansible.builtin.get_url:
url: https://nginx.org/keys/nginx_signing.key
dest: /etc/apt/keyrings/nginx-archive-keyring.asc
mode: "0644"
when:
- ansible_facts['os_family'] == 'Debian'
- name: Add Nginx official repository (Debian/Ubuntu)
ansible.builtin.deb822_repository:
name: nginx-official
types: deb
uris: http://nginx.org/packages/mainline/debian/
suites: "{{ ansible_facts['distribution_release'] }}"
components: nginx
signed_by: /etc/apt/keyrings/nginx-archive-keyring.asc
state: present
when:
- ansible_facts['os_family'] == 'Debian'
- name: Install nginx
ansible.builtin.package:
name: nginx
state: present
- name: Install nginx stream module (Debian)
ansible.builtin.package:
name: libnginx-mod-stream
state: present
when:
- ansible_facts['os_family'] == 'Debian'
- nginx_forwarder is defined
- nginx_forwarder | length > 0
- name: Install Certbot
ansible.builtin.package:
name: certbot
state: present
when: acme_email is defined
- name: Enable Certbot renewal timer
ansible.builtin.systemd:
name: "{{ certbot_timer }}"
enabled: true
state: started
when: acme_email is defined
- name: Ensure nginx conf.d directory exists
ansible.builtin.file:
path: "{{ nginx_conf_dir }}"
state: directory
owner: root
group: root
mode: "0755"
- name: Ensure nginx streams.d directory exists
ansible.builtin.file:
path: "{{ nginx_streams_dir }}"
state: directory
owner: root
group: root
mode: "0755"
- name: Ensure Certbot webroot directory exists
ansible.builtin.file:
path: /var/www/certbot
state: directory
owner: "{{ nginx_user }}"
group: "{{ nginx_user }}"
mode: "0755"
when: acme_email is defined
- name: Deploy nginx main configuration
ansible.builtin.template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: "0644"
validate: nginx -t -c %s
notify: Reload nginx
- name: Deploy stream forwarder configurations
ansible.builtin.template:
src: forwarder.conf.j2
dest: "{{ nginx_streams_dir }}/forwarder-{{ domain | replace('.', '_') }}.conf"
owner: root
group: root
mode: "0644"
loop: "{{ nginx_forwarder | dict2items }}"
loop_control:
loop_var: item
vars:
domain: "{{ item.key }}"
config: "{{ item.value }}"
when:
- nginx_forwarder is defined
- nginx_forwarder | length > 0
notify: Reload nginx
- name: Validate nginx configuration after stream forwarder deployment
ansible.builtin.command: nginx -t
changed_when: false
when:
- nginx_forwarder is defined
- nginx_forwarder | length > 0
- name: Deploy logrotate configuration for nginx
ansible.builtin.template:
src: logrotate-nginx.j2
dest: /etc/logrotate.d/nginx
owner: root
group: root
mode: "0644"
when: nginx_log_backend == 'file'
- name: Remove logrotate configuration when using journald
ansible.builtin.file:
path: /etc/logrotate.d/nginx
state: absent
when: nginx_log_backend == 'journald'
- name: Allow HTTP traffic through firewall
community.general.ufw:
rule: allow
port: "80"
proto: tcp
comment: Nginx HTTP
retries: 5
delay: 2
register: ufw_result
until: ufw_result is succeeded
- name: Allow HTTPS traffic through firewall
community.general.ufw:
rule: allow
port: "443"
proto: tcp
comment: Nginx HTTPS
retries: 5
delay: 2
register: ufw_result
until: ufw_result is succeeded
- name: Enable and start nginx service
ansible.builtin.systemd:
name: nginx
enabled: true
state: started
Reference in New Issue View Git Blame Copy Permalink