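---
# Role tasks: install nginx, stage the TLS material under /etc/pki/nginx,
# render nginx.conf and open http/https in firewalld.
# The handlers notified here ("reload nginx", "save firewalld configuration")
# are defined elsewhere in the role.

# Picks the most specific vars file available; defaults.yml is the fallback.
- name: load distribution-specific values
  include_vars: '{{ item }}'
  with_first_found:
    - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
    - '{{ ansible_distribution }}.yml'
    - '{{ ansible_os_family }}.yml'
    - defaults.yml
  tags:
    - always

- name: ensure nginx is installed
  package:
    name: '{{ nginx_packages|join(",") }}'
    state: present
  tags:
    - install

# The private/ directory is 0700 so only root can list or read the key.
- name: ensure nginx pki directories exist
  file:
    path: '{{ item.path }}'
    mode: '{{ item.mode }}'
    state: directory
  loop:
    - path: /etc/pki/nginx
      mode: '0755'
    - path: /etc/pki/nginx/private
      mode: '0700'

# Key is installed read-only for the owner; diff output is disabled for this
# task so the key contents are not printed when the play runs with --diff.
- name: ensure tls private key exists
  copy:
    src: '{{ item }}'
    dest: '{{ nginx_ssl_certificate_key }}'
    mode: '0400'
    setype: cert_t
  diff: false
  with_fileglob:
    - 'certs/nginx/{{ inventory_hostname }}/server.key'
  notify: reload nginx

- name: ensure tls certificate exists
  copy:
    src: '{{ item }}'
    dest: '{{ nginx_ssl_certificate }}'
    mode: '0644'
    setype: cert_t
  with_fileglob:
    - 'certs/nginx/{{ inventory_hostname }}/server.cer'
  notify: reload nginx

# Optional: only runs when the role is given a CA certificate destination.
- name: ensure tls ca certificate exists
  copy:
    src: '{{ item }}'
    dest: '{{ nginx_ssl_ca_certificate }}'
    mode: '0644'
    setype: cert_t
  when: nginx_ssl_ca_certificate is defined
  with_fileglob:
    - 'certs/nginx/{{ inventory_hostname }}/ca.crt'
  notify: reload nginx

- name: ensure nginx configuration directories exist
  file:
    path: '{{ item }}'
    mode: 'u=rwx,go=rx'
    owner: root
    group: root
    state: directory
  loop:
    - /etc/nginx
    - /etc/nginx/conf.d
    - /etc/nginx/default.d

- name: ensure nginx is configured
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx-config

# Opens the services in the runtime configuration only (permanent: false);
# the notified handler is what persists the change across reboots.
# Skipped on hosts that opt out via host_uses_firewalld.
- name: ensure nginx is allowed in the firewall
  firewalld:
    service: '{{ item }}'
    state: enabled
    permanent: false
    immediate: true
  when: host_uses_firewalld|d(true)
  loop:
    - http
    - https
  notify: save firewalld configuration

# Enables the unit at boot; this task does not start the service itself.
- name: ensure nginx starts at boot
  service:
    name: nginx
    enabled: true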