mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 1 Activity Actions
homeserver/roles/hispanico.nginx-revproxy/tasks/main.yml
Michael Grote 7df8c091a1 first commit
2020-08-18 11:57:53 +02:00

191 lines
3.9 KiB
YAML
Raw Blame History

---
- name: Install Nginx and ssl-cert
apt:
name:
- nginx
- ssl-cert
state: present
register:
nginxinstalled
delay: 10
retries: 12
until: nginxinstalled is successful
tags:
- nginxrevproxy
- packages
- name: Install python-passlib for Python 3 hosts
apt:
name:
- "python3-passlib"
state: present
register:
result
delay: 10
retries: 12
until: result is successful
tags:
- nginxrevproxy
- packages
when:
- ansible_python['version']['major'] == 3
- name: Install python-passlib for Python 2 hosts
apt:
name:
- "python-passlib"
state: present
register:
result
delay: 10
retries: 12
until: result is successful
tags:
- nginxrevproxy
- packages
when:
- ansible_python['version']['major'] == 2
- name: Set up nginx directories
file:
path: "/etc/nginx/{{ item }}"
state: directory
owner: root
group: root
with_items:
- sites-available
- sites-enabled
tags:
- nginxrevproxy
- name: Add authentication
htpasswd:
path: "/etc/nginx/{{ item.key }}_htpasswd"
name: "{{ item.value.auth.login }}"
password: "{{ item.value.auth.password }}"
with_dict: "{{ nginx_revproxy_sites }}"
when:
- nginxinstalled is success
- item.value.auth is defined
tags:
- nginxrevproxy
- name: Add Site Config
template:
src: reverseproxy.conf.j2
dest: /etc/nginx/sites-available/{{ item.key }}.conf
owner: root
group: root
with_dict: "{{ nginx_revproxy_sites }}"
register:
siteconfig
when:
- nginxinstalled is success
- not item.value.ssl | default(True)
- not item.value.letsencrypt | default(True)
tags:
- nginxrevproxy
- name: Add Https Site Config
template:
src: reverseproxy_ssl.conf.j2
dest: /etc/nginx/sites-available/{{ item.key }}.conf
owner: root
group: root
with_dict: "{{ nginx_revproxy_sites }}"
register:
siteconfig
when:
- nginxinstalled is success
- item.value.ssl | default(False)
- not item.value.letsencrypt | default(True)
tags:
- nginxrevproxy
- name: Get Active Sites
command: ls -1 /etc/nginx/sites-enabled/
changed_when: "active.stdout_lines != nginx_revproxy_sites.keys()|sort()"
check_mode: false
register: active
tags:
- nginxrevproxy
- name: De-activate Sites
file:
path: /etc/nginx/sites-enabled/{{ item }}
state: absent
with_items: "{{ active.stdout_lines }}"
notify: Reload Nginx
when:
- item not in nginx_revproxy_sites
tags:
- nginxrevproxy
- name: Enable Site Config
file:
src: /etc/nginx/sites-available/{{ item.key }}.conf
dest: /etc/nginx/sites-enabled/{{ item.key }}
state: link
with_dict: "{{ nginx_revproxy_sites }}"
notify: Reload Nginx
when:
- siteconfig is success
- not item.value.letsencrypt | default(True)
- not ansible_check_mode
tags:
- nginxrevproxy
- name: Create WebRoot sites
file:
dest: /var/www/{{ item.key }}/.well-known
mode: 0775
state: directory
owner: www-data
group: www-data
with_dict: "{{ nginx_revproxy_sites }}"
notify: Reload Nginx
when:
- nginxinstalled is success
tags:
- nginxrevproxy
- name: WebRoot Permissions Sites
file:
dest: /var/www/{{ item.key }}
mode: 0775
state: directory
owner: www-data
group: www-data
recurse: true
with_dict: "{{ nginx_revproxy_sites }}"
notify: Reload Nginx
when:
- nginxinstalled is success
tags:
- nginxrevproxy
- name: Get WebRoot Sites
command: ls -1 /var/www/
changed_when: "webroot.stdout_lines != nginx_revproxy_sites.keys()|sort()"
check_mode: false
register: webroot
tags:
- nginxrevproxy
- name: Remove WebRoot Sites
file:
path: /var/www/{{ item }}/
state: absent
with_items: "{{ webroot.stdout_lines }}"
notify: Reload Nginx
when:
- item not in nginx_revproxy_sites
tags:
- nginxrevproxy
- include_tasks: letsencrypt.yml
tags:
- lesencrypt
- nginxrevproxy
Reference in a new issue View git blame Copy permalink