You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
103 lines
2.4 KiB
YAML
103 lines
2.4 KiB
YAML
---
|
|
- name: Install NGINX
|
|
apt:
|
|
update_cache: true
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
loop:
|
|
- nginx
|
|
- "python3-cryptography"
|
|
|
|
- name: Copy snippets
|
|
template:
|
|
src: "snippets/{{ item }}"
|
|
dest: "/etc/nginx/snippets/{{ item }}"
|
|
loop:
|
|
- connection_upgrade.conf # fix some nginx bug
|
|
|
|
- name: Ensure the cert directory exists
|
|
file:
|
|
path: /etc/nginx/certs
|
|
state: directory
|
|
|
|
- name: check if dummy cert exist
|
|
stat:
|
|
path: /etc/nginx/certs/dummy.pem
|
|
register: dummy_cert
|
|
|
|
- name: Create a dummy cert
|
|
block:
|
|
- name: Generate private key
|
|
openssl_privatekey:
|
|
path: /etc/nginx/certs/dummy.key
|
|
mode: u=rw,g=,o=
|
|
size: 4096
|
|
- name: Generate the signing request
|
|
openssl_csr:
|
|
path: /etc/nginx/certs/dummy.req
|
|
privatekey_path: /etc/nginx/certs/dummy.key
|
|
common_name: dummy
|
|
- name: Sign Cert
|
|
openssl_certificate:
|
|
path: /etc/nginx/certs/dummy.pem
|
|
privatekey_path: /etc/nginx/certs/dummy.key
|
|
csr_path: /etc/nginx/certs/dummy.req
|
|
provider: selfsigned
|
|
when: dummy_cert.stat.exists == False
|
|
|
|
- name: Add wasm to mime type
|
|
lineinfile:
|
|
path: /etc/nginx/mime.types
|
|
regexp: '\s*application/wasm\s+wasm;$'
|
|
line: ' application/wasm wasm;'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
insertbefore: '}'
|
|
|
|
- name: Copy NGINX conf
|
|
template:
|
|
src: nginx.conf
|
|
dest: /etc/nginx/nginx.conf
|
|
|
|
# TODO: << Manage reverse proxy >>
|
|
- name: Create the SSL reverse proxy conf
|
|
template:
|
|
src: stream_rp.conf
|
|
dest: /etc/nginx/stream_rp.conf
|
|
force: no
|
|
|
|
# Manage each http site
|
|
- name: Copy reverse proxy sites
|
|
template:
|
|
src: http_server.j2
|
|
dest: "/etc/nginx/sites-available/{{ item.key }}"
|
|
loop: "{{ http_sites | dict2items}}"
|
|
|
|
- name: Use the dummy certificate
|
|
file:
|
|
src: /etc/nginx/certs/dummy.pem
|
|
dest: "/etc/nginx/certs/{{ item.key }}.crt"
|
|
state: link
|
|
force: no
|
|
loop: "{{ http_sites | dict2items}}"
|
|
|
|
- name: Use the dummy key
|
|
file:
|
|
src: /etc/nginx/certs/dummy.key
|
|
dest: "/etc/nginx/certs/{{ item.key }}.key"
|
|
state: link
|
|
force: no
|
|
loop: "{{ http_sites | dict2items}}"
|
|
|
|
- name: Activate sites
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{ item.key }}"
|
|
dest: "/etc/nginx/sites-enabled/{{ item.key }}"
|
|
state: link
|
|
force: yes
|
|
loop: "{{ http_sites | dict2items}}"
|