roles/nginx: Add role for nginx
This role installs nginx and provides a base/skeleton configuration suitable for most deployments.
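--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,81 @@
+- name: load distribution-specific values
+include_vars: '{{ item }}'
+with_first_found:
+- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
+- '{{ ansible_distribution }}.yml'
+- '{{ ansible_os_family }}.yml'
+- defaults.yml
+tags:
+- always
+
+- name: ensure nginx is installed
+package:
+name: '{{ nginx_packages|join(",") }}'
+state: present
+tags:
+- install
+
+- name: ensure nginx pki directories exist
+file:
+path: '{{ item.path }}'
+mode: '{{ item.mode }}'
+state: directory
+with_items:
+- path: /etc/pki/nginx
+mode: '0755'
+- path: /etc/pki/nginx/private
+mode: '0700'
+- name: ensure tls private key exists
+copy:
+src: '{{ item }}'
+dest: '{{ nginx_ssl_certificate_key }}'
+mode: '0400'
+setype: cert_t
+diff: false
+with_fileglob:
+- 'certs/nginx/{{ inventory_hostname }}/server.key'
+notify: reload nginx
+- name: ensure tls certificate exists
+copy:
+src: '{{ item }}'
+dest: '{{ nginx_ssl_certificate }}'
+mode: '0644'
+setype: cert_t
+with_fileglob:
+- 'certs/nginx/{{ inventory_hostname }}/server.cer'
+notify: reload nginx
+- name: ensure tls ca certificate exists
+copy:
+src: '{{ item }}'
+dest: '{{ nginx_ssl_ca_certificate }}'
+mode: '0644'
+setype: cert_t
+when: nginx_ssl_ca_certificate is defined
+with_fileglob:
+- 'certs/nginx/{{ inventory_hostname }}/ca.crt'
+notify: reload nginx
+
+- name: ensure nginx is configured
+template:
+src: nginx.conf.j2
+dest: /etc/nginx/nginx.conf
+mode: '0644'
+notify: reload nginx
+tags:
+- nginx-config
+
+- name: ensure nginx is allowed in the firewall
+firewalld:
+service: '{{ item }}'
+state: enabled
+permanent: no
+immediate: yes
+with_items:
+- http
+- https
+notify: save firewalld configuration
+
+- name: ensure nginx starts at boot
+service:
+name: nginx
+enabled: yes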
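Review bot: The `ensure tls private key exists` task sets `mode: '0400'` but no owner or group, so who can read the key depends on whichever user the play connects or becomes as; adding `owner: root` and `group: root` to that `copy` (and to the `file` task that creates `/etc/pki/nginx/private`) pins it. The key is read from `certs/nginx/{{ inventory_hostname }}/server.key` in the playbook tree, which suggests private keys are kept alongside the playbooks; if those files are not vault-encrypted at rest they should be, and `copy` decrypts vaulted sources on transfer. Because the source comes from `with_fileglob`, a host with no matching file skips the task without an error, so a missing key only shows up when nginx fails to load it; the certificate task has the same behaviour. A comment above the key task such as `# key source must be vault-encrypted; the task is skipped silently if no file matches` would record both expectations.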