77 lines
1.7 KiB
YAML
77 lines
1.7 KiB
YAML
---
|
|
- name: Load OS-specific variables
|
|
ansible.builtin.include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- "{{ ansible_facts['os_family'] }}.yml"
|
|
- debian.yml
|
|
|
|
- name: Set nginx_user if not already set
|
|
ansible.builtin.set_fact:
|
|
nginx_user: "{{ nginx_user | default('www-data') }}"
|
|
|
|
- name: Install nginx
|
|
ansible.builtin.package:
|
|
name: nginx
|
|
state: present
|
|
|
|
- name: Ensure nginx conf.d directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ nginx_conf_dir }}"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
|
|
- name: Deploy nginx main configuration
|
|
ansible.builtin.template:
|
|
src: nginx.conf.j2
|
|
dest: /etc/nginx/nginx.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
validate: nginx -t -c %s
|
|
notify: Reload nginx
|
|
|
|
- name: Deploy logrotate configuration for nginx
|
|
ansible.builtin.template:
|
|
src: logrotate-nginx.j2
|
|
dest: /etc/logrotate.d/nginx
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
when: nginx_log_backend == 'file'
|
|
|
|
- name: Remove logrotate configuration when using journald
|
|
ansible.builtin.file:
|
|
path: /etc/logrotate.d/nginx
|
|
state: absent
|
|
when: nginx_log_backend == 'journald'
|
|
|
|
- name: Allow HTTP traffic through firewall
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "80"
|
|
proto: tcp
|
|
comment: Nginx HTTP
|
|
retries: 5
|
|
delay: 2
|
|
register: ufw_result
|
|
until: ufw_result is succeeded
|
|
|
|
- name: Allow HTTPS traffic through firewall
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "443"
|
|
proto: tcp
|
|
comment: Nginx HTTPS
|
|
retries: 5
|
|
delay: 2
|
|
register: ufw_result
|
|
until: ufw_result is succeeded
|
|
|
|
- name: Enable and start nginx service
|
|
ansible.builtin.systemd:
|
|
name: nginx
|
|
enabled: true
|
|
state: started
|