nginx(role): split up repo setup and install task lists to estab. conv.

Split up repo setup and package installation after all to establish this as a convention (its already done this way in the docker role and was done this way in the nginx role before) to highlight that an external repo is used.
2025-02-18 05:43:39 +01:00 · 2025-02-18 05:43:39 +01:00 · 7420ed6010
commit 7420ed6010
parent 89f3e55eac
5 changed files with 20 additions and 12 deletions
--- a/roles/nginx/tasks/main/04_config_deploy.yaml
+++ b/roles/nginx/tasks/main/04_config_deploy.yaml
@ -0,0 +1,150 @@
+- name: Check, if a save of a previous `nginx.conf` is present
+  ansible.builtin.stat:
+    path: /etc/nginx/nginx.conf.ansiblesave
+  register: nginx__nginx_conf_ansiblesave_stat
+
+- name: Handle the case, where a custom `nginx.conf` is to be used
+  when: nginx__use_custom_nginx_conf
+  block:
+    - name: When no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
+      when: not nginx__nginx_conf_ansiblesave_stat.stat.exists
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/nginx.conf.ansiblesave
+        mode: "0644"
+        owner: root
+        group: root
+        remote_src: true
+        src: /etc/nginx/nginx.conf
+      become: true
+
+    - name: Ensure the custom `nginx.conf` is deployed
+      ansible.builtin.copy:
+        content: "{{ nginx__custom_nginx_conf }}"
+        dest: "/etc/nginx/nginx.conf"
+        mode: "0644"
+        owner: root
+        group: root
+      become: true
+      notify: Restart nginx
+
+- name: Handle the case, where no custom `nginx.conf` is to be used
+  when: not nginx__use_custom_nginx_conf
+  block:
+    - name: When a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
+      when: nginx__nginx_conf_ansiblesave_stat.stat.exists
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/nginx.conf
+        mode: "0644"
+        owner: root
+        group: root
+        remote_src: true
+        src: /etc/nginx/nginx.conf.ansiblesave
+      become: true
+      notify: Restart nginx
+
+    - name: Ensure no `nginx.conf.ansiblesave` is present
+      when: nginx__nginx_conf_ansiblesave_stat.stat.exists
+      ansible.builtin.file:
+        path: /etc/nginx/nginx.conf.ansiblesave
+        state: absent
+      become: true
+
+- name: Ensure mozilla dhparam is deployed
+  ansible.builtin.get_url:
+    force: true
+    dest: /etc/nginx-mozilla-dhparam
+    mode: "0644"
+    url: https://ssl-config.mozilla.org/ffdhe2048.txt
+  become: true
+  notify: Restart nginx
+
+- name: Set `nginx__config_files_to_exist` fact initially to an empty list
+  ansible.builtin.set_fact:
+    nginx__config_files_to_exist: [ ]
+
+- name: Handle the case, where tls.conf should be deployed
+  when: nginx__deploy_tls_conf
+  block:
+    - name: Ensure tls.conf is deployed
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/conf.d/tls.conf
+        mode: "0644"
+        owner: root
+        group: root
+        src: tls.conf
+      become: true
+      notify: Restart nginx
+
+    - name: Add tls.conf to nginx__config_files_to_exist
+      ansible.builtin.set_fact:
+        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}"  # noqa: jinja[spacing]
+
+- name: Handle the case, where redirect.conf should be deployed
+  when: nginx__deploy_redirect_conf
+  block:
+    - name: Ensure redirect.conf is deployed
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/conf.d/redirect.conf
+        mode: "0644"
+        owner: root
+        group: root
+        src: redirect.conf
+      become: true
+      notify: Restart nginx
+
+    - name: Add redirect.conf to nginx__config_files_to_exist
+      ansible.builtin.set_fact:
+        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}"  # noqa: jinja[spacing]
+
+- name: Handle the case, where logging.conf should be deployed
+  when: nginx__deploy_logging_conf
+  block:
+    - name: Ensure logging.conf is deployed
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/conf.d/logging.conf
+        mode: "0644"
+        owner: root
+        group: root
+        src: logging.conf
+      become: true
+      notify: Restart nginx
+
+    - name: Add logging.conf to nginx__config_files_to_exist
+      ansible.builtin.set_fact:
+        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}"  # noqa: jinja[spacing]
+
+- name: Ensure all given configuration files are deployed
+  ansible.builtin.copy:
+    content: "{{ item.content }}"
+    dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+  loop: "{{ nginx__configurations }}"
+  notify: Restart nginx
+
+- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
+  ansible.builtin.set_fact:
+    nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}"  # noqa: jinja[spacing]
+  loop: "{{ nginx__configurations }}"
+
+- name: Find configuration files to remove
+  ansible.builtin.find:
+    paths: /etc/nginx/conf.d/
+    recurse: false
+    excludes: "{{ nginx__config_files_to_exist }}"
+  register: nginx__config_files_to_remove
+
+- name: Remove all configuration file, which should be removed
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  become: true
+  loop: "{{ nginx__config_files_to_remove.files }}"
+  notify: Restart nginx