7c632352a0
The behaviour of the `include` module is badly defined (it tries to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it chooses the wrong behaviour). Replace it with `import_tasks` (always statically imports tasks) unless the `include` is in a loop, in which case we replace it with `include_tasks` (always dynamically includes tasks).
---

# Report which value of nginx_minimal is in effect. Jinja filters bind tighter
# than `not`, so the first condition is the negation of `nginx_minimal | bool`.
# NOTE(review): the first message says minimal mode was "removed" yet it is
# shown when nginx_minimal is false - confirm the wording matches the intent.
- debug:
    msg: 'Nginx minimal mode has been removed, falling back to normal mode.'
  when: not (nginx_minimal | bool)

- debug:
    msg: 'Nginx minimal mode has been set, using minimal mode.'
  when: nginx_minimal | bool

# import_tasks is a static import: the listed file is read when the play is
# parsed, and the keywords set here (tags) apply to the imported tasks.
- import_tasks: packages.yml

- import_tasks: server_status_read.yml
  tags:
    - nginx
# TODO: find a way to override the main configuration
# without touching the main file

# Both tasks edit the packaged /etc/nginx/nginx.conf in place. When `regexp`
# matches an existing directive that line is replaced; otherwise `line` is
# inserted after the line matching `insertafter` (the opening of `events {`).
# NOTE(review): unlike the other configuration tasks in this file, neither
# task notifies a handler - confirm that a reload is not expected here.
- name: customize worker_connections
  lineinfile:
    path: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*worker_connections)\s+.+;'
    line: ' worker_connections 1024;'
  tags:
    - nginx

- name: use epoll
  lineinfile:
    path: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*use)\s+.+;'
    line: ' use epoll;'
  tags:
    - nginx
# Ships the role's defaults as a conf.d drop-in. No owner or group is set, so
# the file belongs to whichever account the task runs as; mode 0640 keeps it
# unreadable for other users.
- name: Install Nginx http configuration
  copy:
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    src: nginx/evolinux-defaults.conf
    mode: "0640"
    # force: yes
  tags:
    - nginx
  notify: reload nginx
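# TODO: verify that those permissions are correct :
# not too strict for ipaddr_whitelist
# and not too loose for private_htpasswd
#
# NOTE(review): the three snippets below are owned by www-data with mode 0640,
# so any process running as www-data can rewrite them, including the IP
# allow-list and the htpasswd file. If the nginx workers only need to read
# them, root:www-data with 0640 would be tighter - confirm before changing.
#
# force: false means a file that already exists on the host is never
# overwritten, so local edits to these snippets survive later runs.
#
# directory_mode carries the search bit ("0750"): a directory created with
# "0640" could not be traversed, even by its owner.

- name: Copy ipaddr_whitelist
  copy:
    src: nginx/snippets/ipaddr_whitelist
    dest: /etc/nginx/snippets/ipaddr_whitelist
    owner: www-data
    group: www-data
    directory_mode: "0750"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips

- name: Include IP address whitelist task
  import_tasks: ip_whitelist.yml

- name: Copy evolinux_server_custom
  copy:
    src: nginx/snippets/evolinux_server_custom
    dest: /etc/nginx/snippets/evolinux_server_custom
    owner: www-data
    group: www-data
    directory_mode: "0750"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips

# Holds the basic-auth credentials edited by the htpasswd tasks of this file.
- name: Copy private_htpasswd
  copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    directory_mode: "0750"
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx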
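# Each loop item is written (or removed) verbatim as one line of the htpasswd
# file, so the items are credential material.
# NOTE(review): the task names say "user:pwd" - presumably the items already
# carry hashed passwords; confirm that no plaintext is kept in the variables.
# no_log keeps the credential lines out of task output and logs; drop it
# temporarily when a failing item has to be debugged.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ nginx_private_htpasswd_present }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ nginx_private_htpasswd_absent }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx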
# Renders the default vhost. `force` follows nginx_force_default_template and
# falls back to False, in which case an existing vhost file is left untouched.
- name: nginx vhost is installed
  template:
    dest: /etc/nginx/sites-available/evolinux-default.conf
    src: "{{ nginx_default_template_regular }}"
    force: "{{ nginx_force_default_template | default(False) }}"
    mode: "0640"
  tags:
    - nginx
  notify: reload nginx

# Points sites-enabled/default at the vhost above. With force enabled the link
# is created even where a regular file already occupies that path.
- name: default vhost is enabled
  file:
    state: link
    path: /etc/nginx/sites-enabled/default
    src: /etc/nginx/sites-available/evolinux-default.conf
    force: true
  when: nginx_evolinux_default_enabled | bool
  tags:
    - nginx
  notify: reload nginx

- import_tasks: server_status_write.yml
  tags:
    - nginx
# Makes sure nginx starts at boot and is running now. A reload after a
# configuration change is left to the `reload nginx` handler notified by the
# other tasks of this file.
- name: Verify that the service is enabled and started
  service:
    name: nginx
    state: started
    enabled: true
  tags:
    - nginx
# The presence of the munin-node plugin configuration is used as the signal
# that Munin is installed. check_mode: false makes the stat run under --check
# too, so stat_munin_node is defined for the conditions below.
- name: Check if Munin is installed
  stat:
    path: /etc/munin/plugin-conf.d/munin-node
  register: stat_munin_node
  check_mode: false
  tags:
    - nginx
    - munin

# These are static imports, so the `when` is attached to every imported task
# rather than deciding once whether the file is loaded.
- import_tasks: munin_vhost.yml
  tags:
    - nginx
    - munin
  when: stat_munin_node.stat.exists

- import_tasks: munin_graphs.yml
  tags:
    - nginx
    - munin
  when: stat_munin_node.stat.exists

- import_tasks: logrotate.yml