WIP: generiek nginx role

2024-07-14 21:43:53 +02:00 · 2024-07-14 21:43:53 +02:00 · 8df1cba71c
commit 8df1cba71c
parent ea3b17ef2d
14 changed files with 278 additions and 15 deletions
--- a/roles/nginx/tasks/main.yaml
+++ b/roles/nginx/tasks/main.yaml
@ -0,0 +1,80 @@
+---
+
+- name: Install nginx base package
+  ansible.builtin.apt:
+    name: "{{ nginx_package }}"
+    state: present
+  when:
+    - nginx_sites is defined
+
+- name: Create sites-available / sites-enabled directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item.path }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0755') }}"
+  with_items:
+    - { path: "/etc/nginx/sites-available" }
+    - { path: "/etc/nginx/sites-enabled" }
+  notify: Reload nginx
+  when:
+    - nginx_sites is defined
+
+- name: Template default nginx config files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0644') }}"
+    force: "{{ item.force | default('yes') }}"
+    backup: true
+  loop_control:
+    label: "{{ item.dest }}"
+  with_items:
+    - { src: "etc-nginx.conf.j2",   dest: "/etc/nginx/nginx.conf", notify: "Reload nginx" }
+    - { src: "tls_params.j2",       dest: "/etc/nginx/tls_params", notify: "Reload nginx" }
+    - { src: "default.j2",          dest: "/etc/nginx/sites-available/default", notify: "Reload nginx" }
+#    - { src: "dhparam.pem.j2", dest: "{{ nginx_dhparams_file }}", notify: "Reload nginx" }
+#    - { src: "check_nginx.j2", dest: "{{ nagios_plugin_location }}/check_nginx", mode: '755' }
+#    - { src: "nrpe-check_nginx.j2", dest: "/etc/nagios/nrpe.d/10-nginx.cfg", notify: "Restart nrpe" }
+  notify: "{{ item.notify | default(omit) }}"
+  when:
+    - nginx_sites is defined
+
+- name: Template site-specific configs
+  ansible.builtin.template:
+    src: "site.conf.j2"
+    dest: "/etc/nginx/sites-available/{{ site.server_name }}.conf"
+    owner: "{{ site.owner | default('root') }}"
+    group: "{{ site.group | default('root') }}"
+    mode:  "{{ site.mode  | default('0644') }}"
+    force: "{{ site.force | default('yes') }}"
+    backup: true
+  loop: "{{ nginx_sites }}"
+  loop_control:
+    loop_var: site
+    label: "{{ site.server_name }}"
+  notify: Reload nginx
+  when:
+    - nginx_sites is defined
+  tags:
+    - nginxextra
+    - nginx_site
+
+- name: Enable nginx sites
+  ansible.builtin.file:
+    src: "/etc/nginx/sites-available/{{ site.server_name }}.conf"
+    path: "/etc/nginx/sites-enabled/{{ site.server_name }}.conf"
+    state: "{% if site.disabled | default(false) %}absent{% else %}link{% endif %}"
+    mode: "0644"
+  loop: "{{ nginx_sites }}"
+  loop_control:
+    loop_var: site
+    label: "{{ site.server_name }}"
+  notify: Reload nginx
+  when:
+    - nginx_sites is defined
+  ignore_errors: "{{ ansible_check_mode }}"
+