forked from CCCHH/ansible-infra
156 lines
4.9 KiB
YAML
156 lines
4.9 KiB
YAML
- name: Check, if a save of a previous `nginx.conf` is present
|
|
ansible.builtin.stat:
|
|
path: /etc/nginx/nginx.conf.ansiblesave
|
|
register: nginx__nginx_conf_ansiblesave_stat
|
|
|
|
- name: Handle the case, where a custom `nginx.conf` is to be used
|
|
when: nginx__use_custom_nginx_conf
|
|
block:
|
|
- name: When no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
|
|
when: not nginx__nginx_conf_ansiblesave_stat.stat.exists
|
|
ansible.builtin.copy:
|
|
force: true
|
|
dest: /etc/nginx/nginx.conf.ansiblesave
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
remote_src: true
|
|
src: /etc/nginx/nginx.conf
|
|
become: true
|
|
|
|
- name: Ensure the custom `nginx.conf` is deployed
|
|
ansible.builtin.copy:
|
|
content: "{{ nginx__custom_nginx_conf }}"
|
|
dest: "/etc/nginx/nginx.conf"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Handle the case, where no custom `nginx.conf` is to be used
|
|
when: not nginx__use_custom_nginx_conf
|
|
block:
|
|
- name: When a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
|
|
when: nginx__nginx_conf_ansiblesave_stat.stat.exists
|
|
ansible.builtin.copy:
|
|
force: true
|
|
dest: /etc/nginx/nginx.conf
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
remote_src: true
|
|
src: /etc/nginx/nginx.conf.ansiblesave
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Ensure no `nginx.conf.ansiblesave` is present
|
|
when: nginx__nginx_conf_ansiblesave_stat.stat.exists
|
|
ansible.builtin.file:
|
|
path: /etc/nginx/nginx.conf.ansiblesave
|
|
state: absent
|
|
become: true
|
|
|
|
- name: Ensure mozilla dhparam is deployed
|
|
ansible.builtin.get_url:
|
|
force: true
|
|
dest: /etc/nginx-mozilla-dhparam
|
|
mode: "0644"
|
|
url: https://ssl-config.mozilla.org/ffdhe2048.txt
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Set `nginx__config_files_to_exist` fact initially to an empty list
|
|
ansible.builtin.set_fact:
|
|
nginx__config_files_to_exist: [ ]
|
|
|
|
- name: Handle the case, where tls.conf should be deployed
|
|
when: nginx__deploy_tls_conf
|
|
block:
|
|
- name: Ensure tls.conf is deployed
|
|
ansible.builtin.copy:
|
|
force: true
|
|
dest: /etc/nginx/conf.d/tls.conf
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
src: tls.conf
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Add tls.conf to nginx__config_files_to_exist
|
|
ansible.builtin.set_fact:
|
|
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}" # noqa: jinja[spacing]
|
|
|
|
- name: Handle the case, where redirect.conf should be deployed
|
|
when: nginx__deploy_redirect_conf
|
|
block:
|
|
- name: Ensure redirect.conf is deployed
|
|
ansible.builtin.copy:
|
|
force: true
|
|
dest: /etc/nginx/conf.d/redirect.conf
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
src: redirect.conf
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Add redirect.conf to nginx__config_files_to_exist
|
|
ansible.builtin.set_fact:
|
|
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing]
|
|
|
|
- name: Handle the case, where logging.conf should be deployed
|
|
when: nginx__deploy_logging_conf
|
|
block:
|
|
- name: Ensure logging.conf is deployed
|
|
ansible.builtin.copy:
|
|
force: true
|
|
dest: /etc/nginx/conf.d/logging.conf
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
src: logging.conf
|
|
become: true
|
|
notify: Restart nginx
|
|
|
|
- name: Add logging.conf to nginx__config_files_to_exist
|
|
ansible.builtin.set_fact:
|
|
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}" # noqa: jinja[spacing]
|
|
|
|
- name: Ensure all given configuration files are deployed
|
|
ansible.builtin.copy:
|
|
content: "{{ item.content }}"
|
|
dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
loop: "{{ nginx__configurations }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
notify: Restart nginx
|
|
|
|
- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
|
|
ansible.builtin.set_fact:
|
|
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]
|
|
loop: "{{ nginx__configurations }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
|
|
- name: Find configuration files to remove
|
|
ansible.builtin.find:
|
|
paths: /etc/nginx/conf.d/
|
|
recurse: false
|
|
excludes: "{{ nginx__config_files_to_exist }}"
|
|
register: nginx__config_files_to_remove
|
|
|
|
- name: Remove all configuration file, which should be removed
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
become: true
|
|
loop: "{{ nginx__config_files_to_remove.files }}"
|
|
loop_control:
|
|
label: "{{ item.path | ansible.builtin.basename }}"
|
|
notify: Restart nginx
|