ansible-roles/nginx/tasks/main.yml

---
- name: Ensure Nginx is installed
  apt:
    name: nginx-full
    state: installed
  notify: restart nginx
  tags:
  - nginx
  - packages

# TODO: find a way to override the main configuration
# without touching the main file

- name: customize worker_connections
  lineinfile:
    dest: /etc/nginx/nginx.conf
    regexp: '^(\s*worker_connections)\s+.+;'
    line: '    worker_connections 1024;'
    insertafter: 'events \{'
  tags:
  - nginx

- name: use epoll
  lineinfile:
    dest: /etc/nginx/nginx.conf
    regexp: '^(\s*use)\s+.+;'
    line: '    use epoll;'
    insertafter: 'events \{'
  tags:
  - nginx

- name: Install Nginx http configuration
  copy:
    src: nginx/evolinux-defaults.conf
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    mode: "640"
    # force: yes
  notify: reload nginx
  tags:
  - nginx

# TODO: verify that those permissions are correct :
# not too strict for private_ipaddr_whitelist
# and not too loose for private_htpasswd

- name: Copy private_ipaddr_whitelist
  copy:
    src: nginx/snippets/private_ipaddr_whitelist
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
    owner: www-data
    group: www-data
    directory_mode: "640"
    mode: "640"
    force: no
  notify: reload nginx
  tags:
  - nginx

- name: add IP addresses to private IP whitelist
  lineinfile:
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
    line: "allow {{ item }};"
    state: present
  with_items: "{{ nginx_private_ipaddr_whitelist_present }}"
  notify: reload nginx
  tags:
  - nginx

- name: remove IP addresses from private IP whitelist
  lineinfile:
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
    line: "allow {{ item }};"
    state: absent
  with_items: "{{ nginx_private_ipaddr_whitelist_absent }}"
  notify: reload nginx
  tags:
  - nginx

- name: Copy private_htpasswd
  copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    directory_mode: "640"
    mode: "640"
    force: no
  notify: reload nginx
  tags:
  - nginx

- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ nginx_private_htpasswd_present }}"
  notify: reload nginx
  tags:
  - nginx

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ nginx_private_htpasswd_absent }}"
  notify: reload nginx
  tags:
  - nginx

- name: Verify that the service is enabled and started
  service:
    name: nginx
    enabled: yes
    state: started
  tags:
  - nginx

- name: Check if Munin is installed
  stat:
    path: /etc/munin/plugin-conf.d/munin-node
  register: stat_munin_node
  tags:
  - nginx
  - munin

- include: munin_vhost.yml
  when: stat_munin_node.stat.exists
  tags:
  - nginx
  - munin

- include: munin_graphs.yml
  when: stat_munin_node.stat.exists
  tags:
  - nginx
  - munin

- include: logrotate.yml
add an nginx role 2016-09-30 10:59:00 +02:00			`---`
			`- name: Ensure Nginx is installed`
			`apt:`
			`name: nginx-full`
			`state: installed`
			`notify: restart nginx`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
			`- packages`
add an nginx role 2016-09-30 10:59:00 +02:00
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`# TODO: find a way to override the main configuration`
			`# without touching the main file`

			`- name: customize worker_connections`
			`lineinfile:`
add an nginx role 2016-09-30 10:59:00 +02:00			`dest: /etc/nginx/nginx.conf`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`regexp: '^(\s*worker_connections)\s+.+;'`
			`line: ' worker_connections 1024;'`
			`insertafter: 'events \{'`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
			`- name: use epoll`
			`lineinfile:`
			`dest: /etc/nginx/nginx.conf`
			`regexp: '^(\s*use)\s+.+;'`
			`line: ' use epoll;'`
			`insertafter: 'events \{'`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
			`- name: Install Nginx http configuration`
			`copy:`
			`src: nginx/evolinux-defaults.conf`
			`dest: /etc/nginx/conf.d/z-evolinux-defaults.conf`
Unix mode MUST be a quoted string when using octal notation 2017-01-05 11:58:01 +01:00			`mode: "640"`
add an nginx role 2016-09-30 10:59:00 +02:00			`# force: yes`
			`notify: reload nginx`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`# TODO: verify that those permissions are correct :`
Nginx: file permissions 2016-11-22 17:01:29 +01:00			`# not too strict for private_ipaddr_whitelist`
			`# and not too loose for private_htpasswd`

Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`- name: Copy private_ipaddr_whitelist`
add an nginx role 2016-09-30 10:59:00 +02:00			`copy:`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`src: nginx/snippets/private_ipaddr_whitelist`
			`dest: /etc/nginx/snippets/private_ipaddr_whitelist`
Nginx: file permissions 2016-11-22 17:01:29 +01:00			`owner: www-data`
			`group: www-data`
Unix mode MUST be a quoted string when using octal notation 2017-01-05 11:58:01 +01:00			`directory_mode: "640"`
			`mode: "640"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`force: no`
add an nginx role 2016-09-30 10:59:00 +02:00			`notify: reload nginx`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: add IP addresses to private IP whitelist`
			`lineinfile:`
			`dest: /etc/nginx/snippets/private_ipaddr_whitelist`
			`line: "allow {{ item }};"`
			`state: present`
			`with_items: "{{ nginx_private_ipaddr_whitelist_present }}"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`notify: reload nginx`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: remove IP addresses from private IP whitelist`
			`lineinfile:`
			`dest: /etc/nginx/snippets/private_ipaddr_whitelist`
			`line: "allow {{ item }};"`
			`state: absent`
			`with_items: "{{ nginx_private_ipaddr_whitelist_absent }}"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`notify: reload nginx`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00
			`- name: Copy private_htpasswd`
			`copy:`
			`src: nginx/snippets/private_htpasswd`
			`dest: /etc/nginx/snippets/private_htpasswd`
			`owner: www-data`
			`group: www-data`
Unix mode MUST be a quoted string when using octal notation 2017-01-05 11:58:01 +01:00			`directory_mode: "640"`
			`mode: "640"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`force: no`
			`notify: reload nginx`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: add user:pwd to private htpasswd`
			`lineinfile:`
			`dest: /etc/nginx/snippets/private_htpasswd`
			`line: "{{ item }}"`
			`state: present`
			`with_items: "{{ nginx_private_htpasswd_present }}"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`notify: reload nginx`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: remove user:pwd from private htpasswd`
			`lineinfile:`
			`dest: /etc/nginx/snippets/private_htpasswd`
			`line: "{{ item }}"`
			`state: absent`
			`with_items: "{{ nginx_private_htpasswd_absent }}"`
Nginx: snippets are managed separately 2016-11-23 16:55:02 +01:00			`notify: reload nginx`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`tags:`
			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: Verify that the service is enabled and started`
			`service:`
			`name: nginx`
			`enabled: yes`
			`state: started`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
add an nginx role 2016-09-30 10:59:00 +02:00
			`- name: Check if Munin is installed`
			`stat:`
			`path: /etc/munin/plugin-conf.d/munin-node`
			`register: stat_munin_node`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
			`- munin`
add an nginx role 2016-09-30 10:59:00 +02:00
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00			`- include: munin_vhost.yml`
			`when: stat_munin_node.stat.exists`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
			`- munin`
Squash: conventions, evolinux, etc-git… 2016-11-07 14:00:57 +01:00
			`- include: munin_graphs.yml`
add an nginx role 2016-09-30 10:59:00 +02:00			`when: stat_munin_node.stat.exists`
			`tags:`
Extract logrotate configurations in roles 2017-01-03 16:50:46 +01:00			`- nginx`
			`- munin`

			`- include: logrotate.yml`