June
abc738c9c2
Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However, it's not intuitive to look into the playbooks directory to find the files and templates for a host. Therefore, flatten the playbooks directory to get rid of this confusing structure. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
# Probe for the backup copy of nginx.conf that this task file maintains.
# The registered result gates the save, restore and delete tasks below.
- name: check, if a save of a previous `nginx.conf` is present
  register: nginx__nginx_conf_ansiblesave_stat_result
  ansible.builtin.stat:
    path: /etc/nginx/nginx.conf.ansiblesave

# Custom-config path: keep a backup of the nginx.conf found on the host,
# then write the supplied content over it.
- name: handle the case, where a custom `nginx.conf` is to be used
  when: nginx__use_custom_nginx_conf
  block:
    # Guarded by the stat result, so an existing backup is never overwritten
    # with an nginx.conf that has already been replaced.
    - name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
      when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      become: true
      ansible.builtin.copy:
        remote_src: true
        src: /etc/nginx/nginx.conf
        dest: /etc/nginx/nginx.conf.ansiblesave
        owner: root
        group: root
        mode: "0644"
        force: true

    # NOTE(review): the content is written as root without a syntax check,
    # and the restart handler is not visible here -- confirm that a broken
    # config cannot take the service down when the handler fires.
    - name: deploy the custom `nginx.conf`
      become: true
      ansible.builtin.copy:
        content: "{{ nginx__custom_nginx_conf }}"
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart `nginx.service`

# Default-config path: if a backup exists, put it back as nginx.conf and
# then drop the backup.
- name: handle the case, where no custom `nginx.conf` is to be used
  when: not nginx__use_custom_nginx_conf
  block:
    - name: when a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      become: true
      ansible.builtin.copy:
        remote_src: true
        src: /etc/nginx/nginx.conf.ansiblesave
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
        force: true
      notify: Restart `nginx.service`

    # Listed after the restore; both tasks key off the same stat result,
    # which was registered before either of them ran.
    - name: delete the `nginx.conf.ansiblesave`, if it is present
      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      become: true
      ansible.builtin.file:
        path: /etc/nginx/nginx.conf.ansiblesave
        state: absent

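# Fetch the ffdhe2048 DH parameter file from Mozilla's SSL config site.
# `force: true` re-downloads on every run, so whatever the URL serves at
# that moment is written to the host; the HTTPS connection is the only
# integrity check. Pinning a digest makes an unexpected upstream change fail
# the task instead of being deployed:
#   checksum: "sha256:<PLACEHOLDER: digest of a verified ffdhe2048.txt>"
- name: make sure mozilla dhparam is deployed
  become: true
  ansible.builtin.get_url:
    url: https://ssl-config.mozilla.org/ffdhe2048.txt
    dest: /etc/nginx-mozilla-dhparam
    # Explicit ownership, matching the other files deployed in this file.
    owner: root
    group: root
    mode: "0644"
    force: true
  notify: Restart `nginx.service`
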
# Start from an empty keep-list. Later tasks append the conf.d file names
# they deploy; the list is then used as the exclude list for the cleanup.
- name: set `nginx__config_files_to_exist` fact initially to an empty list
  ansible.builtin.set_fact:
    nginx__config_files_to_exist: []

# Optional tls.conf: deploy the file and record its name on the keep-list so
# the cleanup at the end does not delete it again.
- name: handle the case, where tls.conf should be deployed
  when: nginx__deploy_tls_conf
  block:
    # `src` is a relative path, so it is looked up through Ansible's local
    # search paths rather than on the target host.
    - name: make sure tls.conf is deployed
      become: true
      ansible.builtin.copy:
        src: tls.conf
        dest: /etc/nginx/conf.d/tls.conf
        owner: root
        group: root
        mode: "0644"
        force: true
      notify: Restart `nginx.service`

    - name: add tls.conf to nginx__config_files_to_exist
      ansible.builtin.set_fact:
        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}"  # noqa: jinja[spacing]

# Optional redirect.conf: deploy the file and record its name on the
# keep-list so the cleanup at the end does not delete it again.
- name: handle the case, where redirect.conf should be deployed
  when: nginx__deploy_redirect_conf
  block:
    # `src` is a relative path, so it is looked up through Ansible's local
    # search paths rather than on the target host.
    - name: make sure redirect.conf is deployed
      become: true
      ansible.builtin.copy:
        src: redirect.conf
        dest: /etc/nginx/conf.d/redirect.conf
        owner: root
        group: root
        mode: "0644"
        force: true
      notify: Restart `nginx.service`

    - name: add redirect.conf to nginx__config_files_to_exist
      ansible.builtin.set_fact:
        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}"  # noqa: jinja[spacing]

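# Write every entry of `nginx__configurations` to conf.d as `<name>.conf`.
# NOTE(review): `item.name` goes into the destination path unchanged and the
# file is written as root. A name containing `/` or `..` would resolve
# outside conf.d and presumably would not match the keep-list used by the
# cleanup tasks -- confirm the variable only holds plain file names, or
# validate it before this task.
- name: make sure all given configuration files are deployed
  become: true
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx__configurations }}"
  loop_control:
    # Show only the name per iteration; the default label is the whole item,
    # which prints each file's full content into the run output.
    label: "{{ item.name }}"
  notify: Restart `nginx.service`
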
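# Record `<name>.conf` for every entry of `nginx__configurations` on the
# keep-list, mirroring the file names written by the deploy task.
- name: add names plus suffix from `nginx__configurations` to `nginx__config_files_to_exist` fact
  ansible.builtin.set_fact:
    nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}"  # noqa: jinja[spacing]
  loop: "{{ nginx__configurations }}"
  loop_control:
    # Only the name is needed to follow the loop; without a label each
    # iteration prints the whole item, including its `content`.
    label: "{{ item.name }}"
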
# List what sits directly inside conf.d (no recursion) and is not on the
# keep-list. Everything returned here is deleted by the next task, so files
# placed in conf.d by anything other than these tasks are removed as well.
- name: find configuration files to remove
  register: nginx__config_files_to_remove
  ansible.builtin.find:
    paths: /etc/nginx/conf.d/
    excludes: "{{ nginx__config_files_to_exist }}"
    recurse: false

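# Delete every file reported by the preceding find task. This is the step
# that makes conf.d authoritative: anything not on the keep-list is removed
# as root, and the restart handler is notified when something was deleted.
- name: remove all configuration file, which should be removed
  become: true
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ nginx__config_files_to_remove.files }}"
  loop_control:
    # Each find result is a large dict of file attributes; show the path
    # only, so the run output lists exactly which files were deleted.
    label: "{{ item.path }}"
  notify: Restart `nginx.service`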