--- - include: packages.yml - include: server_status_read.yml tags: - nginx # TODO: find a way to override the main configuration # without touching the main file - name: customize worker_connections lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*worker_connections)\s+.+;' line: ' worker_connections 1024;' insertafter: 'events \{' tags: - nginx - name: use epoll lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*use)\s+.+;' line: ' use epoll;' insertafter: 'events \{' tags: - nginx - name: Install Nginx http configuration copy: src: nginx/evolinux-defaults.conf dest: /etc/nginx/conf.d/z-evolinux-defaults.conf mode: "0640" # force: yes notify: reload nginx tags: - nginx # TODO: verify that those permissions are correct : # not too strict for ipaddr_whitelist # and not too loose for private_htpasswd - name: Copy ipaddr_whitelist copy: src: nginx/snippets/ipaddr_whitelist dest: /etc/nginx/snippets/ipaddr_whitelist owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: no notify: reload nginx tags: - nginx - ips - name: Include IP address whitelist task include: ip_whitelist.yml - name: Copy private_htpasswd copy: src: nginx/snippets/private_htpasswd dest: /etc/nginx/snippets/private_htpasswd owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: no notify: reload nginx tags: - nginx - name: add user:pwd to private htpasswd lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: present with_items: "{{ nginx_private_htpasswd_present }}" notify: reload nginx tags: - nginx - name: remove user:pwd from private htpasswd lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: absent with_items: "{{ nginx_private_htpasswd_absent }}" notify: reload nginx tags: - nginx - name: nginx vhost is installed template: src: "{{ nginx_default_template_regular }}" dest: /etc/nginx/sites-available/evolinux-default.conf mode: "0640" force: "{{ nginx_force_default_template | default(False) }}" notify: reload nginx tags: - nginx - name: default vhost is enabled file: src: /etc/nginx/sites-available/evolinux-default.conf dest: /etc/nginx/sites-enabled/default state: link force: yes notify: reload nginx when: nginx_evolinux_default_enabled tags: - nginx - include: server_status_write.yml tags: - nginx # - block: # - name: generate random string for phpmyadmin suffix # command: "apg -a 1 -M N -n 1" # changed_when: False # register: random_phpmyadmin_suffix # # - name: overwrite nginx_phpmyadmin_suffix # set_fact: # nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}" # when: nginx_phpmyadmin_suffix == "" # # - name: replace phpmyadmin suffix in default site index # replace: # dest: /var/www/index.html # regexp: '__PHPMYADMIN_SUFFIX__' # replace: "{{ nginx_phpmyadmin_suffix }}" # # - block: # - name: generate random string for serverstatus suffix # command: "apg -a 1 -M N -n 1" # changed_when: False # register: random_serverstatus_suffix # # - name: overwrite nginx_serverstatus_suffix # set_fact: # nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}" # when: nginx_serverstatus_suffix == "" # # - name: replace server-status suffix in default site index # replace: # dest: /var/www/index.html # regexp: '__SERVERSTATUS_SUFFIX__' # replace: "{{ nginx_serverstatus_suffix }}" - name: Verify that the service is enabled and started service: name: nginx enabled: yes state: started tags: - nginx - name: Check if Munin is installed stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: stat_munin_node tags: - nginx - munin - include: munin_vhost.yml when: stat_munin_node.stat.exists tags: - nginx - munin - include: munin_graphs.yml when: stat_munin_node.stat.exists tags: - nginx - munin - include: logrotate.yml