ansible-infra/roles/nginx/tasks/main/config_deploy.yaml
June 5bb283d5e7
All checks were successful
/ Ansible Lint (push) Successful in 1m38s
move roles, files and templates dirs out of playbook dir into root dir
Because of how Ansible local relative search paths work, the global
"files" and "templates" directories need to be next to the playbooks.
However its not intuitive to look into the "playbooks" directory to find
the files and templates for a host.
Therefore move them out of the "playbooks" directory into the root
directory and add symlinks so everything still works.

Similarly for local roles, they also need to be next to the playbooks.
So for a nicer structure, move the "roles" directory out into the root
directory as well and add a symlink so everything still works.

Also see:
https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles
2024-12-02 03:34:55 +01:00

132 lines
4.3 KiB
YAML

- name: check, if a save of a previous `nginx.conf` is present
ansible.builtin.stat:
path: /etc/nginx/nginx.conf.ansiblesave
register: nginx__nginx_conf_ansiblesave_stat_result
- name: handle the case, where a custom `nginx.conf` is to be used
when: nginx__use_custom_nginx_conf
block:
- name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
ansible.builtin.copy:
force: true
dest: /etc/nginx/nginx.conf.ansiblesave
mode: "0644"
owner: root
group: root
remote_src: true
src: /etc/nginx/nginx.conf
become: true
- name: deploy the custom `nginx.conf`
ansible.builtin.copy:
content: "{{ nginx__custom_nginx_conf }}"
dest: "/etc/nginx/nginx.conf"
mode: "0644"
owner: root
group: root
become: true
notify: Restart `nginx.service`
- name: handle the case, where no custom `nginx.conf` is to be used
when: not nginx__use_custom_nginx_conf
block:
- name: when a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
ansible.builtin.copy:
force: true
dest: /etc/nginx/nginx.conf
mode: "0644"
owner: root
group: root
remote_src: true
src: /etc/nginx/nginx.conf.ansiblesave
become: true
notify: Restart `nginx.service`
- name: delete the `nginx.conf.ansiblesave`, if it is present
when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
ansible.builtin.file:
path: /etc/nginx/nginx.conf.ansiblesave
state: absent
become: true
- name: make sure mozilla dhparam is deployed
ansible.builtin.get_url:
force: true
dest: /etc/nginx-mozilla-dhparam
mode: "0644"
url: https://ssl-config.mozilla.org/ffdhe2048.txt
become: true
notify: Restart `nginx.service`
- name: set `nginx__config_files_to_exist` fact initially to an empty list
ansible.builtin.set_fact:
nginx__config_files_to_exist: [ ]
- name: handle the case, where tls.conf should be deployed
when: nginx__deploy_tls_conf
block:
- name: make sure tls.conf is deployed
ansible.builtin.copy:
force: true
dest: /etc/nginx/conf.d/tls.conf
mode: "0644"
owner: root
group: root
src: tls.conf
become: true
notify: Restart `nginx.service`
- name: add tls.conf to nginx__config_files_to_exist
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}" # noqa: jinja[spacing]
- name: handle the case, where redirect.conf should be deployed
when: nginx__deploy_redirect_conf
block:
- name: make sure redirect.conf is deployed
ansible.builtin.copy:
force: true
dest: /etc/nginx/conf.d/redirect.conf
mode: "0644"
owner: root
group: root
src: redirect.conf
become: true
notify: Restart `nginx.service`
- name: add redirect.conf to nginx__config_files_to_exist
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing]
- name: make sure all given configuration files are deployed
ansible.builtin.copy:
content: "{{ item.content }}"
dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
mode: "0644"
owner: root
group: root
become: true
loop: "{{ nginx__configurations }}"
notify: Restart `nginx.service`
- name: add names plus suffix from `nginx__configurations` to `nginx__config_files_to_exist` fact
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]
loop: "{{ nginx__configurations }}"
- name: find configuration files to remove
ansible.builtin.find:
paths: /etc/nginx/conf.d/
recurse: false
excludes: "{{ nginx__config_files_to_exist }}"
register: nginx__config_files_to_remove
- name: remove all configuration file, which should be removed
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
become: true
loop: "{{ nginx__config_files_to_remove.files }}"
notify: Restart `nginx.service`