WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/ansible_collections/nullified/infrastructure/roles/nginx/tasks/main.yml

97 lines
2.2 KiB
YAML
Raw Blame History

---
- name: install requirements
become: true
ansible.builtin.apt:
update_cache: true
force_apt_get: true
cache_valid_time: 3600
pkg:
- ca-certificates
- curl
- debian-archive-keyring
- gnupg2
- lsb-release
- name: install nginx repository
become: true
ansible.builtin.deb822_repository:
allow_downgrade_to_insecure: false
allow_insecure: false
allow_weak: false
components:
- nginx
enabled: true
name: nginx
signed_by: 'https://nginx.org/keys/nginx_signing.key'
state: present
suites: '{{ ansible_facts.distribution_release }}'
trusted: true
uris: 'http://nginx.org/packages/mainline/debian'
- name: pin nginx packages
become: true
ansible.builtin.copy:
content: |-
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900
dest: /etc/apt/preferences.d/55-nginx
mode: '0600'
owner: root
group: root
- name: update cache and install nginx package
become: true
ansible.builtin.apt:
cache_valid_time: 0
force_apt_get: true
update_cache: true
pkg: '{{ nginx_extra_packages | default([]) + ["nginx"] }}'
- ansible.builtin.include_tasks:
file: nginx-config.yml
apply:
tags: [webserver-config]
tags: [webserver-config]
- name: setup firewall rules
become: true
ansible.builtin.template:
src: ../templates/ingress_http_nginx.nft.j2
dest: /etc/nftables.d/ingress_http_nginx.nft
owner: root
group: root
mode: '0600'
notify:
- 'nginx : restart firewall service'
- ansible.builtin.include_tasks:
file: nginx-service-entry.yml
apply:
tags: [webserver-sites]
tags: [webserver-sites]
vars:
nginx_entry_type: site
loop: '{{ nginx_sites }}'
loop_control:
label: '{{ item.name }}'
- ansible.builtin.include_tasks:
file: nginx-service-entry.yml
apply:
tags: [webserver-streams]
tags: [webserver-streams]
vars:
nginx_entry_type: stream
loop: '{{ nginx_streams }}'
loop_control:
label: '{{ item.name }}'
- name: set permissions
become: true
ansible.builtin.file:
path: /etc/nginx
owner: '{{ nginx_service_user }}'
group: '{{ nginx_service_user }}'
mode: 'u=rwX,g=rX,o='
recurse: true
Reference in a new issue View git blame Copy permalink