diff --git a/group_vars/web.yml b/group_vars/web.yml index a585282..9a90d7c 100644 --- a/group_vars/web.yml +++ b/group_vars/web.yml @@ -10,3 +10,24 @@ web: cert: /etc/ssl/certs/WILDCARD.hamburg.freifunk.net.crt key: /etc/ssl/private/WILDCARD.hamburg.freifunk.net.key dhparam: /etc/ssl/dhparam/WILDCARD.hamburg.freifunk.net.dh + + sites: + static: + ffhh_media: + domains: + - media.services.ffhh + - media.hamburg.freifunk.net + ports: + - { number: 80, ssl: false } + - { number: 443, ssl: true } + document_root: { path: /var/www/media, create: true } + listing: true + + ffhh_meta: + domains: + - meta.hamburg.freifunk.net + ports: + - { number: 80, ssl: false } + - { number: 443, ssl: true } + document_root: { path: /var/www/meta, create: true } + listing: true diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2 index ed17a3a..2750eea 100644 --- a/roles/ntp-server/templates/ntp.conf.j2 +++ b/roles/ntp-server/templates/ntp.conf.j2 @@ -1,3 +1,9 @@ +# +# ACTHUNG: +# +# Wird via Ansible konfiguriert. Bitte nicht manuell ändern! +# + # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift diff --git a/roles/web-server/updates/handlers/main.yml b/roles/web-server/static/handlers/main.yml similarity index 53% rename from roles/web-server/updates/handlers/main.yml rename to roles/web-server/static/handlers/main.yml index 0a08d0a..7430ea2 100644 --- a/roles/web-server/updates/handlers/main.yml +++ b/roles/web-server/static/handlers/main.yml @@ -1,6 +1,3 @@ --- -- name: restart nginx - service: name=nginx state=restarted - - name: reload nginx config service: name=nginx state=reloaded diff --git a/roles/web-server/static/tasks/main.yml b/roles/web-server/static/tasks/main.yml new file mode 100644 index 0000000..ca0c9a0 --- /dev/null +++ b/roles/web-server/static/tasks/main.yml 
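Review bot: Both new sites set `listing: true`, which the site template turns into an include of `listing.conf` (presumably nginx autoindex), so every file placed under `/var/www/media` and `/var/www/meta` becomes browsable by anyone who can reach the host. If browsing is only wanted for the media site, set `listing: false` on `ffhh_meta`. Each site also lists `{ number: 80, ssl: false }`, and the template renders an identical content-serving block for that port, so the same files are offered over plaintext HTTP with no redirect. A short comment above `sites:` describing the expected keys (`domains`, `ports`, `document_root`, `listing`) would help, since the template and tasks read them without defaults.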
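Review bot: The banner added at the top of roles/ntp-server/templates/ntp.conf.j2 misspells the warning as `ACTHUNG`; it should read `# ACHTUNG:`. The same banner with the same typo is added in roles/web-server/static/templates/site.j2. Ansible's built-in `{{ ansible_managed }}` variable could replace the hand-written text so both templates carry one consistent marker.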
@@ -0,0 +1,39 @@ +--- +- name: configure static sites + template: > + backup=yes + src=site.j2 + dest="/etc/nginx/sites-available/{{ item[0] }}" + owner=root + group=root + mode=0644 + with_items: "{{ web.sites.static.items() }}" + notify: reload nginx config + tags: + - nginx + - website + - static + +- name: create static site roots + file: path="{{ item.document_root.path }}" state=directory owner=www-data group=www-data mode=0755 + with_items: "{{ web.sites.static.values() }}" + when: item.document_root.create + tags: + - nginx + - website + - static + +- name: enable static sites + file: > + src="/etc/nginx/sites-available/{{ item }}" + dest="/etc/nginx/sites-enabled/{{ item }}" + owner=root + group=root + mode=0644 + state=link + with_items: "{{ web.sites.static.keys() }}" + notify: reload nginx config + tags: + - nginx + - website + - static diff --git a/roles/web-server/static/templates/site.j2 b/roles/web-server/static/templates/site.j2 new file mode 100644 index 0000000..572bdb3 --- /dev/null +++ b/roles/web-server/static/templates/site.j2 @@ -0,0 +1,25 @@ +# +# ACTHUNG: +# +# Wird via Ansible konfiguriert. Bitte nicht manuell ändern! +# + +{% for port in item[1].ports %} +server { + include /etc/nginx/include/no_logging.conf; + include /etc/nginx/include/no_dotfiles.conf; + include /etc/nginx/include/no_symlinks.conf; + + {% if item[1].listing %} + include /etc/nginx/include/listing.conf; + {% endif %} + + listen {{ port.number }}{% if port.ssl %} ssl{% endif %}; + listen [::]:{{ port.number }}{% if port.ssl %} ssl{% endif %}; + + server_name {{ item[1].domains | join(" ") }}; + + root {{ item[1].document_root.path }}; +} + +{% endfor %} diff --git a/site.yml b/site.yml index 681aa6b..46b449d 100644 --- a/site.yml +++ b/site.yml @@ -12,6 +12,6 @@ roles: - web-server/base -#- hosts: srv02 -# roles: -# - web-server/updates +- hosts: srv02 + roles: + - web-server/static
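Review bot: In `create static site roots` the document root is created with `owner=www-data group=www-data`, which gives the account nginx typically runs as write access to the content it serves. For a static site the worker only needs to read, so a root-owned directory (`owner=root group=root mode=0755`) or a dedicated deploy user keeps a compromised worker from altering served files; if something does upload as www-data, that deserves a comment on the task. Separately, `enable static sites` only ever adds links, so a site removed from `web.sites.static` stays linked in `/etc/nginx/sites-enabled` until someone deletes it by hand.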
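Review bot: The server block rendered in site.j2 for a port with `ssl: true` gets `listen … ssl` but no `ssl_certificate` / `ssl_certificate_key`, so it only loads if those directives are inherited from the http level, which is not visible in this diff. If they are not, nginx rejects the configuration and the `reload nginx config` handler fails after the site has already been linked into sites-enabled. Consider adding inside the block `{% if port.ssl %}ssl_certificate {{ CERT_PATH_VAR }}; ssl_certificate_key {{ KEY_PATH_VAR }};{% endif %}`, where the two names are placeholders for the cert and key paths already defined in group_vars/web.yml.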