Automate light server

Co-authored-by: J <j@jsts.xyz>
2022-11-17 23:30:52 +01:00 · 2022-11-17 23:30:52 +01:00 · e74a50e873
commit e74a50e873
parent aefdd123a4
40 changed files with 401 additions and 10 deletions
--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@ -0,0 +1,45 @@
+---
+- name: Setup up repository pinning
+  ansible.builtin.template:
+    src: 99nginx.j2
+    dest: /etc/apt/preferences.d/99nginx
+    mode: "0644"
+- name: Install nginx
+  ansible.builtin.apt:
+    update_cache: true
+    name: nginx
+    state: present
+- name: Delete default.conf
+  ansible.builtin.file:
+    path: /etc/nginx/conf.d/default.conf
+    state: absent
+  when: nginx__configs
+- name: Create nginx redirect.conf
+  ansible.builtin.template:
+    src: redirect.conf.j2
+    dest: /etc/nginx/conf.d/redirect.conf
+    mode: "0644"
+  when: nginx__enable_https_redirect is defined and nginx__enable_https_redirect
+- name: Create nginx tls.conf
+  ansible.builtin.template:
+    src: tls.conf.j2
+    dest: /etc/nginx/conf.d/tls.conf
+    mode: "0644"
+- name: Download dhparam file
+  ansible.builtin.get_url:
+    url: https://ssl-config.mozilla.org/ffdhe2048.txt
+    dest: /etc/nginx/dhparam.pem
+    mode: "0644"
+- name: Add user specified configs
+  ansible.builtin.copy:
+    content: "{{ item.content }}"
+    dest: /etc/nginx/conf.d/{{ item.name }}.conf
+    mode: "0644"
+  loop: "{{ nginx__configs }}"
+  notify: Reload nginx
+- name: Enable and start systemd service
+  ansible.builtin.systemd:
+    name: nginx.service
+    daemon_reload: true
+    enabled: true
+    state: started