ansible-roles/nginx/tasks/main.yml
Mathieu Trossevin 7c632352a0
Replace the include module with include_tasks or import_tasks
The behaviour of the `include` module is badly defined (it tries to choose
between statically importing the tasks and dynamically including them)
and can cause problems depending on any number of constraints (mostly if
it chooses the wrong behaviour).

Replace it with the `import_tasks` (always statically import tasks) unless
the `include` is in a loop in which case we replace it with
`include_tasks` (always dynamically include tasks).
2023-01-03 14:43:42 +01:00


---
# Report which mode the role runs in, selected by nginx_minimal.
# NOTE(review): the first message says minimal mode "has been removed" but is
# printed when nginx_minimal is false - confirm wording and condition agree.
- when: not nginx_minimal | bool
  debug:
    msg: "Nginx minimal mode has been removed, falling back to normal mode."

- when: nginx_minimal | bool
  debug:
    msg: "Nginx minimal mode has been set, using minimal mode."
# Static imports of the package and server-status task files.
# NOTE(review): only the second import carries the nginx tag, so a run limited
# to that tag skips packages.yml unless its own tasks are tagged - confirm.
- import_tasks: packages.yml

- tags:
    - nginx
  import_tasks: server_status_read.yml
# TODO: find a way to override the main configuration
# without touching the main file
#
# Both tasks edit /etc/nginx/nginx.conf in place: a line matching the regexp is
# replaced, otherwise the line is inserted after the "events {" line.
# NOTE(review): neither task notifies "reload nginx", unlike the other
# configuration tasks in this file - confirm the change is picked up elsewhere.
- name: customize worker_connections
  tags:
    - nginx
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*worker_connections)\s+.+;'
    line: ' worker_connections 1024;'

- name: use epoll
  tags:
    - nginx
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*use)\s+.+;'
    line: ' use epoll;'
# Ship the role's http-level defaults into conf.d and reload nginx on change.
# The mode is a quoted string so it is read as octal permissions, not an int.
# No owner/group is set here, so ownership follows the user the task runs as.
- name: Install Nginx http configuration
  copy:
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    src: nginx/evolinux-defaults.conf
    mode: "0640"
    # force: yes
  tags:
    - nginx
  notify: reload nginx
# TODO: verify that those permissions are correct :
# not too strict for ipaddr_whitelist
# and not too loose for private_htpasswd
#
# Seed the IP allowlist snippet. force: false copies the file only when the
# destination does not exist yet, so later edits on the host are kept.
# NOTE(review): the file is owned by www-data, so that account can rewrite the
# allowlist it is restricted by - confirm write access is really needed.
# NOTE(review): directory_mode only applies to recursive directory copies and
# "0640" has no execute bit; it looks unused for this single file - confirm.
- name: Copy ipaddr_whitelist
  copy:
    dest: /etc/nginx/snippets/ipaddr_whitelist
    src: nginx/snippets/ipaddr_whitelist
    owner: www-data
    group: www-data
    mode: "0640"
    directory_mode: "0640"
    force: false
  tags:
    - nginx
    - ips
  notify: reload nginx

# Static import of the tasks that manage the allowlist entries (untagged).
- name: Include IP address whitelist task
  import_tasks: ip_whitelist.yml
# Seed the server-level customisation snippet. force: false copies the file
# only when the destination is missing, so a locally edited copy is kept.
# NOTE(review): directory_mode only applies to recursive directory copies and
# "0640" has no execute bit; it looks unused for this single file - confirm.
- name: Copy evolinux_server_custom
  copy:
    dest: /etc/nginx/snippets/evolinux_server_custom
    src: nginx/snippets/evolinux_server_custom
    owner: www-data
    group: www-data
    mode: "0640"
    directory_mode: "0640"
    force: false
  tags:
    - nginx
    - ips
  notify: reload nginx
# Seed the htpasswd file used for private areas. force: false copies it only
# when the destination is missing, so existing credentials are not overwritten.
# NOTE(review): www-data owns the file, so the account serving requests can
# also rewrite the credential list. Owner root with group www-data and mode
# 0640 would keep it readable but not writable - confirm what needs write.
# NOTE(review): directory_mode looks unused for a single-file copy - confirm.
- name: Copy private_htpasswd
  copy:
    dest: /etc/nginx/snippets/private_htpasswd
    src: nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    mode: "0640"
    directory_mode: "0640"
    force: false
  tags:
    - nginx
  notify: reload nginx
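# Each loop item is one complete htpasswd line taken from the role variables.
# no_log keeps those lines out of console output, logs and callback plugins,
# where the loop item would otherwise be printed on every iteration. The cost
# is that failures are reported without per-item detail.
# NOTE(review): presumably these variables hold credential material - keep
# them in an encrypted vars file (ansible-vault) rather than plain inventory.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ nginx_private_htpasswd_present }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx

# Remove exact-match lines listed for deletion; same no_log reasoning as above.
- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ nginx_private_htpasswd_absent }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx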
# Render the default vhost into sites-available. An existing file is only
# overwritten when nginx_force_default_template is true (it defaults to False).
- name: nginx vhost is installed
  template:
    dest: /etc/nginx/sites-available/evolinux-default.conf
    src: "{{ nginx_default_template_regular }}"
    mode: "0640"
    force: "{{ nginx_force_default_template | default(False) }}"
  tags:
    - nginx
  notify: reload nginx
# Point sites-enabled/default at the vhost rendered into sites-available.
# force: true is set, so a conflicting existing path at dest does not block it.
# The task is skipped unless nginx_evolinux_default_enabled is true.
- name: default vhost is enabled
  when: nginx_evolinux_default_enabled | bool
  file:
    state: link
    dest: /etc/nginx/sites-enabled/default
    src: /etc/nginx/sites-available/evolinux-default.conf
    force: true
  tags:
    - nginx
  notify: reload nginx
# Static import of the server-status write tasks, tagged nginx.
- tags:
    - nginx
  import_tasks: server_status_write.yml

# Make sure nginx starts at boot and is running now. This task does not
# reload a running service; reloads come from the "reload nginx" handler.
- name: Verify that the service is enabled and started
  service:
    name: nginx
    state: started
    enabled: true
  tags:
    - nginx
# Detect Munin by the presence of its node plugin configuration file.
# check_mode: false runs the stat even under --check, so the registered result
# is available to the conditions below.
- name: Check if Munin is installed
  stat:
    path: /etc/munin/plugin-conf.d/munin-node
  register: stat_munin_node
  check_mode: false
  tags:
    - nginx
    - munin

# The Munin task files are imported statically and gated on the stat result.
- when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
  import_tasks: munin_vhost.yml

- when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
  import_tasks: munin_graphs.yml

# Log rotation tasks are imported unconditionally and carry no tags here.
- import_tasks: logrotate.yml