nginx/tasks/main.yml

---
# Install nginx and python3-cryptography in one apt transaction, retrying
# the task up to three times until apt reports success.
# python3-cryptography is presumably what the openssl_* tasks below
# require on the managed host -- confirm.
# NOTE(review): `state: latest` upgrades both packages on every run, so
# the nginx version on the host is not pinned by this role.
- name: Install NGINX
  apt:
    name:
      - nginx
      - python3-cryptography
    state: latest
    update_cache: true
  register: apt_result
  until: apt_result is succeeded
  retries: 3
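# Render each listed snippet template into /etc/nginx/snippets/.
# Owner, group and mode are set explicitly (same values as the mime.types
# task in this file) so the result does not depend on the umask of the
# connecting user.
- name: Copy snippets
  template:
    src: "snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - connection_upgrade.conf  # fix some nginx bug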
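# Create the directory that holds the certificates and private keys used
# by the tasks below.
# The directory is restricted to root instead of inheriting umask-derived
# permissions, because private keys are stored in it.
# NOTE(review): assumes only root-run processes (the nginx master, this
# role) need to read it -- confirm before applying to existing hosts.
- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory
    owner: root
    group: root
    mode: '0700'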
# Record whether the dummy certificate already exists; the result gates
# the "Create a dummy cert" block so the key pair is generated only once.
- name: check if dummy cert exist
  register: dummy_cert
  stat:
    path: /etc/nginx/certs/dummy.pem
# Generate a self-signed placeholder certificate (CN "dummy") when
# /etc/nginx/certs/dummy.pem is missing. Later tasks symlink it as the
# certificate and key of every site in http_sites.
# The gate looks at dummy.pem only; dummy.key and dummy.req are not
# checked separately.
- name: Create a dummy cert
  when: not dummy_cert.stat.exists
  block:
    # 4096-bit private key, readable and writable by its owner only.
    - name: Generate private key
      openssl_privatekey:
        path: /etc/nginx/certs/dummy.key
        size: 4096
        mode: u=rw,g=,o=

    # The CSR carries nothing but the common name "dummy".
    - name: Generate the signing request
      openssl_csr:
        path: /etc/nginx/certs/dummy.req
        privatekey_path: /etc/nginx/certs/dummy.key
        common_name: dummy

    # Self-sign the CSR with the same key. No validity period is given
    # here, so the module's default applies.
    - name: Sign Cert
      openssl_certificate:
        path: /etc/nginx/certs/dummy.pem
        csr_path: /etc/nginx/certs/dummy.req
        privatekey_path: /etc/nginx/certs/dummy.key
        provider: selfsigned
# Make sure /etc/nginx/mime.types maps the .wasm extension to
# application/wasm. An existing line matching `regexp` is replaced;
# otherwise the line is inserted before the last line matching '}'.
# The task also enforces root:root 0644 on the file.
- name: Add wasm to mime type
  lineinfile:
    path: /etc/nginx/mime.types
    owner: root
    group: root
    mode: '0644'
    regexp: '\s*application/wasm\s+wasm;$'
    insertbefore: '}'
    line: ' application/wasm wasm;'
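# Render the main nginx configuration and reload nginx when it changes.
# Owner, group and mode are set explicitly (same values as the mime.types
# task in this file) so the result does not depend on the umask of the
# connecting user.
# NOTE(review): the rendered file is not syntax-checked before the
# "Reload nginx" handler runs; consider having the handler run a
# configuration test first.
- name: Copy NGINX conf
  template:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
  notify: Reload nginx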
# TODO: << Manage reverse proxy >>
# Seed /etc/nginx/stream_rp.conf from its template. With force disabled
# the file is only written when it does not exist yet, so later edits on
# the host are not overwritten by this role.
# NOTE(review): no notify here, so creating the file does not trigger the
# "Reload nginx" handler -- confirm that is intended.
- name: Create the SSL reverse proxy conf
  template:
    src: stream_rp.conf
    dest: /etc/nginx/stream_rp.conf
    force: false
# Manage each http site
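# Render one server configuration per entry of the http_sites dict into
# sites-available and reload nginx when any of them changes.
# Owner, group and mode are set explicitly (same values as the mime.types
# task in this file) so the result does not depend on the umask of the
# connecting user.
# NOTE(review): each dict key is used verbatim as a file name under
# /etc/nginx/; keys are assumed to be plain site names without path
# separators -- confirm where http_sites is defined.
- name: Copy Http Servers
  template:
    src: http_server.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}"
    owner: root
    group: root
    mode: '0644'
  loop: "{{ http_sites | dict2items}}"
  notify: Reload nginx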
# Point <site>.crt at the self-signed dummy certificate for every entry of
# http_sites, so each site has a certificate path that resolves.
# With force disabled the file module does not replace a regular file
# that already sits at dest.
# NOTE(review): confirm how this task behaves once a real certificate has
# been installed at dest (regular file or symlink), so that a later run
# can never put the dummy back in its place.
- name: Use the dummy certificate
  file:
    state: link
    src: /etc/nginx/certs/dummy.pem
    dest: "/etc/nginx/certs/{{ item.key }}.crt"
    force: false
  loop: "{{ http_sites | dict2items}}"
# Point <site>.key at the dummy private key for every entry of http_sites.
# Until real keys are installed, all sites share this one key.
# With force disabled the file module does not replace a regular file
# that already sits at dest.
# NOTE(review): confirm how this task behaves once a real key has been
# installed at dest (regular file or symlink), so that a later run can
# never put the dummy back in its place.
- name: Use the dummy key
  file:
    state: link
    src: /etc/nginx/certs/dummy.key
    dest: "/etc/nginx/certs/{{ item.key }}.key"
    force: false
  loop: "{{ http_sites | dict2items}}"
# Enable every site in http_sites by linking its sites-available file into
# sites-enabled, then reload nginx when a link changes.
# force is enabled here, so a regular file already present at dest is
# replaced by the symlink.
- name: Activate sites
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ item.key }}"
    dest: "/etc/nginx/sites-enabled/{{ item.key }}"
    force: true
  loop: "{{ http_sites | dict2items}}"
  notify: Reload nginx