mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mediators-2024
infrastructure/roles/nginx/tasks/main.yml
Robin Candau 701c1d01ef Migrate 'with_X' to 'loop'
2024-12-23 17:43:01 +00:00

74 lines
2.5 KiB
YAML
Raw Permalink Blame History

- name: Install nginx
pacman: name=nginx,nginx-mod-brotli state=present
- name: Install extra nginx modules
pacman: name={{ nginx_extra_modules | map(attribute='name') | map('regex_replace', '^', 'nginx-mod-') }} state=present
- name: Install nginx.service snippet
copy: src=nginx.service.d dest=/etc/systemd/system owner=root group=root mode=0644
- name: Configure nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
notify:
- Reload nginx
- name: Snippets directories
file: state=directory path=/etc/nginx/{{ item }} owner=root group=root mode=0755
loop:
- toplevel-snippets
- snippets
- name: Copy snippets
template: src={{ item }} dest=/etc/nginx/snippets/{{ item | regex_replace('\\.j2$', '') }} owner=root group=root mode=0644
loop:
- letsencrypt.conf
- sslsettings.conf
- headers.conf
- listen-443.conf.j2
notify:
- Reload nginx
- name: Install cert renewal hook
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/nginx owner=root group=root mode=0755
when: "'certbot' in ansible_play_role_names"
- name: Create nginx.d directory
file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=0755
- name: Create auth directory
file: state=directory path=/etc/nginx/auth owner=root group=root mode=0755
- name: Create maps directory
file: state=directory path=/etc/nginx/maps owner=root group=root mode=0755
- name: Create default nginx log directory
file: state=directory path=/var/log/nginx/default owner=root group=root mode=0755
- name: Create unique DH group
command: openssl dhparam -out /etc/ssl/dhparams.pem 2048 creates=/etc/ssl/dhparams.pem
- name: Create directory to store validation stuff in
file: owner=root group=http mode=0750 path={{ letsencrypt_validation_dir }} state=directory
- name: Install logrotate config
copy: src=logrotate.conf dest=/etc/logrotate.d/nginx-ansible owner=root group=root mode=0644
- name: Install inventory_hostname vhost
template: src=nginx-hostname-vhost.conf.j2 dest=/etc/nginx/nginx.d/nginx-hostname-vhost.conf owner=root group=root mode=0644
notify:
- Reload nginx
tags: ['nginx']
- name: Enable nginx
service: name=nginx enabled=yes
- name: Open firewall holes
ansible.posix.firewalld: service={{ item }} zone={{ nginx_firewall_zone }} permanent=true state=enabled immediate=yes
loop:
- http
- https
- "{{ 'http3' if nginx_enable_http3 else omit }}"
when: configure_firewall
tags:
- firewall
View Git Blame Copy Permalink