---
# Report which mode the role is running in. Jinja applies the `bool` filter
# before `not`, so the first condition reads `not (nginx_minimal | bool)`.
# NOTE(review): the first message says minimal mode "has been removed" but is
# printed when nginx_minimal is false, while the second announces that minimal
# mode is in use. The two statements conflict; confirm which wording and
# which condition are intended.
- ansible.builtin.debug:
    msg: "Nginx minimal mode has been removed, falling back to normal mode."
  when: not nginx_minimal | bool

- ansible.builtin.debug:
    msg: "Nginx minimal mode has been set, using minimal mode."
  when: nginx_minimal | bool
# Pull in the task files packages.yml and server_status_read.yml.
# NOTE(review): `ansible.builtin.include` is deprecated and was removed in
# ansible-core 2.16. Moving to include_tasks / import_tasks changes how the
# `tags` below reach the included tasks, so check tag-filtered runs when
# migrating.
- ansible.builtin.include: packages.yml

- ansible.builtin.include: server_status_read.yml
  tags:
    - nginx
# TODO: find a way to override the main configuration
# without touching the main file

# Rewrite an existing `worker_connections` directive in place; \1 keeps the
# directive's original leading whitespace.
# With backrefs enabled, lineinfile ignores `insertafter` and leaves the file
# untouched when the regexp matches nothing, so an nginx.conf that lacks the
# directive is not modified by this task.
# No handler is notified here: the new value only takes effect once another
# task triggers a reload.
- name: customize worker_connections
  ansible.builtin.lineinfile:
    dest: /etc/nginx/nginx.conf
    regexp: '^(\s*)worker_connections\s+.+;'
    line: '\1worker_connections 1024;'
    insertafter: 'events \{'
    backrefs: true
  # Skipped entirely when the play runs with --check.
  when: not ansible_check_mode
  tags:
    - nginx
# Force the connection-processing method to epoll by rewriting an existing
# `use ...;` directive; \1 keeps its original indentation.
# With backrefs enabled, lineinfile ignores `insertafter` and does nothing
# when no `use` directive is present, so this task never adds the line.
# No handler is notified here: the change is picked up on the next reload
# triggered by another task.
- name: use epoll
  ansible.builtin.lineinfile:
    dest: /etc/nginx/nginx.conf
    regexp: '^(\s*)use\s+.+;'
    line: '\1use epoll;'
    insertafter: 'events \{'
    backrefs: true
  # Skipped entirely when the play runs with --check.
  when: not ansible_check_mode
  tags:
    - nginx
# Ship the role's http-level defaults into conf.d.
# Mode 0640 keeps the file unreadable for "other". Owner and group are not
# set, so this task does not manage them.
# `force` is left at the copy module's default (true): the file is replaced
# whenever its content differs from the role's copy.
- name: Install Nginx http configuration
  ansible.builtin.copy:
    src: nginx/evolinux-defaults.conf
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    mode: "0640"
    # force: true
  notify: reload nginx
  tags:
    - nginx
# TODO: verify that those permissions are correct:
# not too strict for ipaddr_whitelist
# and not too loose for private_htpasswd

# Seed the IP allow-list snippet. `force: false` means an existing file keeps
# its content; only a missing file is created from the role's copy.
# NOTE(review): owner www-data with mode 0640 lets the web server account
# rewrite its own access-control list. If only read access is needed,
# root:www-data 0640 would be the least-privilege choice; confirm.
# NOTE(review): directory_mode "0640" has no search (x) bit, so a directory
# created with it could not be traversed by non-root users. It presumably has
# no effect for a single-file src; confirm, then drop it or use a mode with x.
- name: Copy ipaddr_whitelist
  ansible.builtin.copy:
    src: nginx/snippets/ipaddr_whitelist
    dest: /etc/nginx/snippets/ipaddr_whitelist
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips
# Run the tasks from ip_whitelist.yml.
# NOTE(review): `ansible.builtin.include` is deprecated and was removed in
# ansible-core 2.16; plan a move to include_tasks or import_tasks.
- name: Include IP address whitelist task
  ansible.builtin.include: ip_whitelist.yml
# Seed the per-server customisation snippet. `force: false` preserves an
# existing file's content, so local edits on the host survive later runs.
# NOTE(review): owner www-data with mode 0640 makes this nginx configuration
# snippet writable by the web server account; confirm that is intended
# rather than root:www-data.
# NOTE(review): directory_mode "0640" has no search (x) bit and presumably
# has no effect for a single-file src; confirm.
- name: Copy evolinux_server_custom
  ansible.builtin.copy:
    src: nginx/snippets/evolinux_server_custom
    dest: /etc/nginx/snippets/evolinux_server_custom
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips
# Seed the basic-auth credentials file. `force: false` keeps the content of an
# existing file, so entries already present on the host are not replaced.
# Mode 0640 keeps the credentials unreadable for "other".
# NOTE(review): owner www-data gives the web server account write access to
# the credentials it is checked against. root:www-data 0640 would still let
# the workers read the file; confirm nothing relies on www-data writing it.
# NOTE(review): directory_mode "0640" has no search (x) bit and presumably
# has no effect for a single-file src; confirm.
- name: Copy private_htpasswd
  ansible.builtin.copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
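# Append each entry of nginx_private_htpasswd_present to the credentials file
# unless that exact line is already there.
# lineinfile matches whole lines and no regexp is given, so a changed password
# for an existing user is added as a second line. The old entry stays in the
# file until it is listed in nginx_private_htpasswd_absent.
- name: add user:pwd to private htpasswd
  ansible.builtin.lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ nginx_private_htpasswd_present }}"
  # Each loop item is a full credential line. Without no_log it is printed in
  # the task output and ends up in any log that captures the run.
  no_log: true
  notify: reload nginx
  tags:
    - nginx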
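# Delete each entry of nginx_private_htpasswd_absent from the credentials
# file. Matching is on the exact line, so the entry must be listed exactly as
# it appears in the file to be revoked.
- name: remove user:pwd from private htpasswd
  ansible.builtin.lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ nginx_private_htpasswd_absent }}"
  # Each loop item is a full credential line. Without no_log it is printed in
  # the task output and ends up in any log that captures the run.
  no_log: true
  notify: reload nginx
  tags:
    - nginx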
# Render the default vhost from the template named by
# nginx_default_template_regular.
# `force` follows nginx_force_default_template and falls back to False, so by
# default an existing vhost file is left as it is on the host.
# Mode 0640 keeps the file unreadable for "other". Owner and group are not
# set, so this task does not manage them.
- name: nginx vhost is installed
  ansible.builtin.template:
    src: "{{ nginx_default_template_regular }}"
    dest: /etc/nginx/sites-available/evolinux-default.conf
    mode: "0640"
    force: "{{ nginx_force_default_template | default(False) }}"
  notify: reload nginx
  tags:
    - nginx
# Enable the default vhost by linking sites-enabled/default to the rendered
# file, when nginx_evolinux_default_enabled is true.
# `force: true` asks the file module to create the link even where it would
# otherwise refuse, so whatever currently serves as `default` can be replaced.
- name: default vhost is enabled
  ansible.builtin.file:
    src: /etc/nginx/sites-available/evolinux-default.conf
    dest: /etc/nginx/sites-enabled/default
    state: link
    force: true
  notify: reload nginx
  when: nginx_evolinux_default_enabled | bool
  tags:
    - nginx
# Run the tasks from server_status_write.yml.
# NOTE(review): `ansible.builtin.include` is deprecated and was removed in
# ansible-core 2.16. Moving to include_tasks / import_tasks changes how the
# `tags` below reach the included tasks, so check tag-filtered runs when
# migrating.
- ansible.builtin.include: server_status_write.yml
  tags:
    - nginx
# Make sure nginx starts at boot and is running now.
# `state: started` only starts a stopped service. Configuration changes made
# by other tasks are applied through their `reload nginx` notifications, not
# by this task.
- name: Verify that the service is enabled and started
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started
  # Skipped entirely when the play runs with --check.
  when: not ansible_check_mode
  tags:
    - nginx
# Detect Munin through its node plugin configuration file and, when it is
# present, include the Munin vhost and graph task files.
# `check_mode: false` makes the stat run even under --check, so
# stat_munin_node is always registered for the two conditions below.
# NOTE(review): `ansible.builtin.include` is deprecated and was removed in
# ansible-core 2.16. Moving to include_tasks / import_tasks changes how
# `when` and `tags` reach the included tasks; check both when migrating.
- name: Check if Munin is installed
  ansible.builtin.stat:
    path: /etc/munin/plugin-conf.d/munin-node
  check_mode: false
  register: stat_munin_node
  tags:
    - nginx
    - munin

- ansible.builtin.include: munin_vhost.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin

- ansible.builtin.include: munin_graphs.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
- ansible.builtin.include: logrotate.yml