--- - ansible.builtin.debug: msg: "Nginx minimal mode has been removed, falling back to normal mode." when: not nginx_minimal | bool - ansible.builtin.debug: msg: "Nginx minimal mode has been set, using minimal mode." when: nginx_minimal | bool - ansible.builtin.include: packages.yml - ansible.builtin.include: server_status_read.yml tags: - nginx # TODO: find a way to override the main configuration # without touching the main file - name: customize worker_connections ansible.builtin.lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*)worker_connections\s+.+;' line: '\1worker_connections 1024;' insertafter: 'events \{' backrefs: yes when: not ansible_check_mode tags: - nginx - name: use epoll ansible.builtin.lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*)use\s+.+;' line: '\1use epoll;' insertafter: 'events \{' backrefs: yes when: not ansible_check_mode tags: - nginx - name: Install Nginx http configuration ansible.builtin.copy: src: nginx/evolinux-defaults.conf dest: /etc/nginx/conf.d/z-evolinux-defaults.conf mode: "0640" # force: true notify: reload nginx tags: - nginx # TODO: verify that those permissions are correct : # not too strict for ipaddr_whitelist # and not too loose for private_htpasswd - name: Copy ipaddr_whitelist ansible.builtin.copy: src: nginx/snippets/ipaddr_whitelist dest: /etc/nginx/snippets/ipaddr_whitelist owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: false notify: reload nginx tags: - nginx - ips - name: Include IP address whitelist task ansible.builtin.include: ip_whitelist.yml - name: Copy evolinux_server_custom ansible.builtin.copy: src: nginx/snippets/evolinux_server_custom dest: /etc/nginx/snippets/evolinux_server_custom owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: false notify: reload nginx tags: - nginx - ips - name: Copy private_htpasswd ansible.builtin.copy: src: nginx/snippets/private_htpasswd dest: /etc/nginx/snippets/private_htpasswd owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: false notify: reload nginx tags: - nginx - name: add user:pwd to private htpasswd ansible.builtin.lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: present loop: "{{ nginx_private_htpasswd_present }}" notify: reload nginx tags: - nginx - name: remove user:pwd from private htpasswd ansible.builtin.lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: absent loop: "{{ nginx_private_htpasswd_absent }}" notify: reload nginx tags: - nginx - name: nginx vhost is installed ansible.builtin.template: src: "{{ nginx_default_template_regular }}" dest: /etc/nginx/sites-available/evolinux-default.conf mode: "0640" force: "{{ nginx_force_default_template | default(False) }}" notify: reload nginx tags: - nginx - name: default vhost is enabled ansible.builtin.file: src: /etc/nginx/sites-available/evolinux-default.conf dest: /etc/nginx/sites-enabled/default state: link force: true notify: reload nginx when: nginx_evolinux_default_enabled | bool tags: - nginx - ansible.builtin.include: server_status_write.yml tags: - nginx - name: Verify that the service is enabled and started ansible.builtin.service: name: nginx enabled: yes state: started when: not ansible_check_mode tags: - nginx - name: Check if Munin is installed ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: stat_munin_node tags: - nginx - munin - ansible.builtin.include: munin_vhost.yml when: stat_munin_node.stat.exists tags: - nginx - munin - ansible.builtin.include: munin_graphs.yml when: stat_munin_node.stat.exists tags: - nginx - munin - ansible.builtin.include: logrotate.yml