---
# Informational message only; nothing on the host is changed.
# Jinja2 applies filters before `not`, so the condition below is
# `not (nginx_minimal | bool)`: the message is printed when minimal mode
# is NOT requested.
# NOTE(review): the wording reads as if it targets hosts that still set
# nginx_minimal; confirm the condition is not inverted.
- ansible.builtin.debug:
    msg: "Nginx minimal mode has been removed, falling back to normal mode."
  when: not (nginx_minimal | bool)
# Informational message printed when nginx_minimal evaluates to true.
# NOTE(review): the other debug message in this file states that minimal
# mode has been removed, and no task visible here branches on
# nginx_minimal; confirm which of the two messages is still accurate.
- ansible.builtin.debug:
    msg: "Nginx minimal mode has been set, using minimal mode."
  when: nginx_minimal | bool
# Runs the tasks from packages.yml (not shown here).
# NOTE(review): ansible.builtin.include is deprecated in favour of
# ansible.builtin.include_tasks / ansible.builtin.import_tasks. The two
# replacements differ in how tags and conditions reach the included tasks,
# so choose per call site rather than by search-and-replace.
- ansible.builtin.include: packages.yml
# Runs the tasks from server_status_read.yml (not shown here), tagged nginx.
# NOTE(review): if this is migrated to include_tasks, a tag set on the
# include statement covers the include itself only; use import_tasks or
# `apply:` if the included tasks must carry the nginx tag as well.
- ansible.builtin.include: server_status_read.yml
  tags:
    - nginx
# TODO: find a way to override the main configuration
# without touching the main file

# Edits /etc/nginx/nginx.conf in place: an existing
# `worker_connections ...;` line is replaced by the line below; when no line
# matches, the line is inserted after the one matching `events \{`.
# The capture group in regexp is unused because backrefs is not set.
# NOTE(review): this task has no `notify`, unlike the copy tasks in this
# file; confirm the edit is picked up by a reload elsewhere.
- name: customize worker_connections
  ansible.builtin.lineinfile:
    path: /etc/nginx/nginx.conf
    regexp: '^(\s*worker_connections)\s+.+;'
    line: ' worker_connections 1024;'
    insertafter: 'events \{'
  tags:
    - nginx
# Edits /etc/nginx/nginx.conf in place: an existing `use ...;` line is
# replaced by `use epoll;`; when no line matches, the line is inserted after
# the one matching `events \{`.
# NOTE(review): this task has no `notify`, unlike the copy tasks in this
# file; confirm the edit is picked up by a reload elsewhere.
- name: use epoll
  ansible.builtin.lineinfile:
    path: /etc/nginx/nginx.conf
    regexp: '^(\s*use)\s+.+;'
    line: ' use epoll;'
    insertafter: 'events \{'
  tags:
    - nginx
# Installs the role's default http-level settings into conf.d. The `z-`
# prefix in the destination name presumably makes it load late among the
# conf.d files; verify against the include order in nginx.conf.
# The mode is quoted so it stays the string "0640" rather than being read
# as a number. No owner/group is set, so ownership is whatever the copy
# module applies for the account running the task.
- name: Install Nginx http configuration
  ansible.builtin.copy:
    src: nginx/evolinux-defaults.conf
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    mode: "0640"
    # force: yes
  notify: reload nginx
  tags:
    - nginx
# TODO: verify that those permissions are correct :
# not too strict for ipaddr_whitelist
# and not too loose for private_htpasswd

# Seeds the IP allow-list snippet. With force disabled the file is copied
# only when the destination does not exist yet, so local edits survive but
# later changes to the role's copy do not reach hosts that already have it.
# Owner www-data with 0640 lets that account rewrite the allow list.
# NOTE(review): if the snippet is only read at configuration load, a
# root-owned file would remove that write access; confirm before changing.
# NOTE(review): src is a single file, so directory_mode should have no
# effect here; were it applied to a directory, 0640 lacks the search bit.
- name: Copy ipaddr_whitelist
  ansible.builtin.copy:
    src: nginx/snippets/ipaddr_whitelist
    dest: /etc/nginx/snippets/ipaddr_whitelist
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips
# Runs the tasks from ip_whitelist.yml (not shown here). No tags are set on
# this include, unlike the ipaddr_whitelist copy task, which is tagged
# nginx and ips.
# NOTE(review): confirm a tag-limited run still manages the allow list as
# intended.
- name: Include IP address whitelist task
  ansible.builtin.include: ip_whitelist.yml
# Seeds the evolinux_server_custom snippet. With force disabled the file is
# copied only when the destination does not exist yet, so an existing file
# on the host is left untouched.
# NOTE(review): owner www-data with 0640 gives that account write access to
# a configuration snippet; confirm this is required.
# NOTE(review): src is a single file, so directory_mode should have no
# effect here.
- name: Copy evolinux_server_custom
  ansible.builtin.copy:
    src: nginx/snippets/evolinux_server_custom
    dest: /etc/nginx/snippets/evolinux_server_custom
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips
# Seeds the htpasswd file used for private areas. With force disabled the
# file is copied only when the destination does not exist yet, so entries
# already present on the host are preserved.
# Mode 0640 keeps the credential file unreadable for "other" accounts.
# NOTE(review): owner www-data also grants that account write access to the
# credential file; if read access is all that is needed, root:www-data with
# the same mode would be tighter. Confirm before changing.
# NOTE(review): src is a single file, so directory_mode should have no
# effect here.
- name: Copy private_htpasswd
  ansible.builtin.copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    directory_mode: "0640"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
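# Ensures every entry of nginx_private_htpasswd_present exists as a line in
# the htpasswd file. Per the task name, each item is a complete `user:pwd`
# line.
# no_log keeps those credential lines out of the per-item task output and
# of anything that records it (CI consoles, callback plugins). Lift it only
# temporarily when debugging.
# NOTE(review): presumably the password part is already hashed; confirm no
# plaintext password is kept in inventory or vars.
- name: add user:pwd to private htpasswd
  ansible.builtin.lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ nginx_private_htpasswd_present }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx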
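# Removes every entry of nginx_private_htpasswd_absent from the htpasswd
# file. With state absent and no regexp, only lines equal to the item are
# removed, so an account whose stored line differs (for example after a
# password change) stays in the file.
# no_log keeps the `user:pwd` lines out of the per-item task output and of
# anything that records it (CI consoles, callback plugins).
- name: remove user:pwd from private htpasswd
  ansible.builtin.lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ nginx_private_htpasswd_absent }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx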
# Renders the default vhost from the template named by
# nginx_default_template_regular. force falls back to False when
# nginx_force_default_template is undefined, so an existing vhost file is
# kept unless the variable is set explicitly.
# No owner/group is set; mode 0640 keeps the file unreadable for "other".
- name: nginx vhost is installed
  ansible.builtin.template:
    src: "{{ nginx_default_template_regular }}"
    dest: /etc/nginx/sites-available/evolinux-default.conf
    mode: "0640"
    force: "{{ nginx_force_default_template | default(False) }}"
  notify: reload nginx
  tags:
    - nginx
# Enables the default vhost by linking sites-enabled/default to the file in
# sites-available, but only when nginx_evolinux_default_enabled is true.
# force lets the module replace whatever already sits at the link path, so
# a distribution-provided "default" entry is overwritten.
# When the variable is false nothing is removed: a link created by an
# earlier run stays in place.
- name: default vhost is enabled
  ansible.builtin.file:
    src: /etc/nginx/sites-available/evolinux-default.conf
    path: /etc/nginx/sites-enabled/default
    state: link
    force: true
  notify: reload nginx
  when: nginx_evolinux_default_enabled | bool
  tags:
    - nginx
# Runs the tasks from server_status_write.yml (not shown here), tagged
# nginx.
- ansible.builtin.include: server_status_write.yml
  tags:
    - nginx
# Makes sure nginx starts at boot and is running now. `started` does not
# restart a service that is already running; configuration changes are
# applied through the "reload nginx" handler notified by other tasks.
- name: Verify that the service is enabled and started
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started
  tags:
    - nginx
# Detects Munin by the presence of its munin-node plugin configuration
# file. The result is registered as stat_munin_node and gates the Munin
# includes.
# check_mode is disabled so the stat also runs under --check; it only reads
# file metadata and registers the result the later conditions depend on.
- name: Check if Munin is installed
  ansible.builtin.stat:
    path: /etc/munin/plugin-conf.d/munin-node
  check_mode: false
  register: stat_munin_node
  tags:
    - nginx
    - munin
# Runs the tasks from munin_vhost.yml (not shown here) only when the
# munin-node configuration file was found by the stat task.
- ansible.builtin.include: munin_vhost.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
# Runs the tasks from munin_graphs.yml (not shown here) only when the
# munin-node configuration file was found by the stat task.
- ansible.builtin.include: munin_graphs.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
- ansible.builtin.include: logrotate.yml
|