chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections

REQUIRES REGENERATING ansible.cfg!
2025-02-23 00:00:00 +00:00 · 2025-02-23 00:00:00 +00:00 · 888590ed9f
commit 888590ed9f
parent 4af69c31ce
188 changed files with 30 additions and 30 deletions
--- a/ansible_collections/nullified/infrastructure/roles/nginx/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/nginx/tasks/main.yml
@ -0,0 +1,97 @@
+---
+- name: install requirements
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    force_apt_get: true
+    cache_valid_time: 3600
+    pkg:
+      - ca-certificates
+      - curl
+      - debian-archive-keyring
+      - gnupg2
+      - lsb-release
+
+- name: install nginx repository
+  become: true
+  ansible.builtin.deb822_repository:
+    allow_downgrade_to_insecure: false
+    allow_insecure: false
+    allow_weak: false
+    components:
+      - nginx
+    enabled: true
+    name: nginx
+    signed_by: 'https://nginx.org/keys/nginx_signing.key'
+    state: present
+    suites: '{{ ansible_facts.distribution_release }}'
+    trusted: true
+    uris: 'http://nginx.org/packages/mainline/debian'
+
+- name: pin nginx packages
+  become: true
+  ansible.builtin.copy:
+    content: |-
+      Package: *
+      Pin: origin nginx.org
+      Pin: release o=nginx
+      Pin-Priority: 900
+    dest: /etc/apt/preferences.d/55-nginx
+    mode: '0600'
+    owner: root
+    group: root
+
+- name: update cache and install nginx package
+  become: true
+  ansible.builtin.apt:
+    cache_valid_time: 0
+    force_apt_get: true
+    update_cache: true
+    pkg: '{{ nginx_extra_packages | default([]) + ["nginx"] }}'
+
+- ansible.builtin.include_tasks:
+    file: nginx-config.yml
+    apply:
+      tags: [webserver-config]
+  tags: [webserver-config]
+
+- name: setup firewall rules
+  become: true
+  ansible.builtin.template:
+    src: ../templates/ingress_http_nginx.nft.j2
+    dest: /etc/nftables.d/ingress_http_nginx.nft
+    owner: root
+    group: root
+    mode: '0600'
+  notify:
+    - 'nginx : restart firewall service'
+
+- ansible.builtin.include_tasks:
+    file: nginx-service-entry.yml
+    apply:
+      tags: [webserver-sites]
+  tags: [webserver-sites]
+  vars:
+    nginx_entry_type: site
+  loop: '{{ nginx_sites }}'
+  loop_control:
+    label: '{{ item.name }}'
+- ansible.builtin.include_tasks:
+    file: nginx-service-entry.yml
+    apply:
+      tags: [webserver-streams]
+  tags: [webserver-streams]
+  vars:
+    nginx_entry_type: stream
+  loop: '{{ nginx_streams }}'
+  loop_control:
+    label: '{{ item.name }}'
+
+- name: set permissions
+  become: true
+  ansible.builtin.file:
+    path: /etc/nginx
+    owner: '{{ nginx_service_user }}'
+    group: '{{ nginx_service_user }}'
+    mode: 'u=rwX,g=rX,o='
+    recurse: true