ansible-collection-webserver/roles/nginx/tasks/config.yml

---

- name: enable nginx modules
  ansible.builtin.file:
    path: "/etc/nginx/modules-enabled/50-mod-{{ item }}.conf"
    state: link
    src: "/usr/share/nginx/modules-available/mod-{{ item }}.conf"
    owner: root
    group: root
  loop: "{{ nginx_modules }}"
  notify: restart nginx

- ansible.builtin.meta: flush_handlers

- name: check for tls keypair existence
  ansible.builtin.stat:
    path: "{{ item  }}"
    follow: yes
  loop: |
    {%- set files = [] -%}
    {%- for name, site in nginx_sites.items() -%}
    {%- if site.https_enabled | default(nginx_vhost_https_enabled) -%}
    {%- set _x = files.append(site.tls_certfile | default(nginx_tls_certfile)) -%}
    {%- set _x = files.append(site.tls_keyfile | default(nginx_tls_keyfile)) -%}
    {%- endif -%}
    {%- endfor -%}
    {{- files | unique | list -}}
  register: nginx_register_stat_tls_keypairs

- name: create nginx document roots
  ansible.builtin.file:
    path: "{{ item.documentroot | default(nginx_vhost_documentroot) }}"
    state: directory
    owner: www-data
    group: www-data
    mode: 0755
  loop: "{{ nginx_sites.values() }}"
  
- name: render nginx site configs
  ansible.builtin.template:
    src: etc/nginx/sites-available/site.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}.conf"
    owner: root
    group: root
    mode: 0644
  vars:
    name: "{{ item.key }}"
    site: "{{ item.value }}"
    certfile_exists: "{{ (nginx_register_stat_tls_keypairs.results | selectattr('item', 'equalto', (item.value.tls_certfile | default(nginx_tls_certfile)) ))[0].stat.exists }}"
    keyfile_exists: "{{ (nginx_register_stat_tls_keypairs.results | selectattr('item', 'equalto', (item.value.tls_certfile | default(nginx_tls_keyfile)) ))[0].stat.exists }}"
  loop: "{{ nginx_sites | dict2items }}"
  notify: reload nginx

- name: enable nginx sites
  ansible.builtin.file:
    path: "/etc/nginx/sites-enabled/{{ item }}.conf"
    state: link
    src: "/etc/nginx/sites-available/{{ item }}.conf"
    owner: root
    group: root
  loop: "{{ nginx_sites.keys() }}"
  notify: reload nginx
Add experimental nginx role 2022-02-26 04:19:44 +01:00			`---`

			`- name: enable nginx modules`
			`ansible.builtin.file:`
			`path: "/etc/nginx/modules-enabled/50-mod-{{ item }}.conf"`
			`state: link`
			`src: "/usr/share/nginx/modules-available/mod-{{ item }}.conf"`
			`owner: root`
			`group: root`
			`loop: "{{ nginx_modules }}"`
			`notify: restart nginx`

			`- ansible.builtin.meta: flush_handlers`

			`- name: check for tls keypair existence`
			`ansible.builtin.stat:`
			`path: "{{ item }}"`
			`follow: yes`
			`loop: \|`
			`{%- set files = [] -%}`
			`{%- for name, site in nginx_sites.items() -%}`
			`{%- if site.https_enabled \| default(nginx_vhost_https_enabled) -%}`
			`{%- set _x = files.append(site.tls_certfile \| default(nginx_tls_certfile)) -%}`
			`{%- set _x = files.append(site.tls_keyfile \| default(nginx_tls_keyfile)) -%}`
			`{%- endif -%}`
			`{%- endfor -%}`
			`{{- files \| unique \| list -}}`
			`register: nginx_register_stat_tls_keypairs`

			`- name: create nginx document roots`
			`ansible.builtin.file:`
			`path: "{{ item.documentroot \| default(nginx_vhost_documentroot) }}"`
			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: 0755`
			`loop: "{{ nginx_sites.values() }}"`

			`- name: render nginx site configs`
			`ansible.builtin.template:`
			`src: etc/nginx/sites-available/site.conf.j2`
			`dest: "/etc/nginx/sites-available/{{ item.key }}.conf"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`vars:`
			`name: "{{ item.key }}"`
			`site: "{{ item.value }}"`
			`certfile_exists: "{{ (nginx_register_stat_tls_keypairs.results \| selectattr('item', 'equalto', (item.value.tls_certfile \| default(nginx_tls_certfile)) ))[0].stat.exists }}"`
			`keyfile_exists: "{{ (nginx_register_stat_tls_keypairs.results \| selectattr('item', 'equalto', (item.value.tls_certfile \| default(nginx_tls_keyfile)) ))[0].stat.exists }}"`
			`loop: "{{ nginx_sites \| dict2items }}"`
			`notify: reload nginx`

			`- name: enable nginx sites`
			`ansible.builtin.file:`
			`path: "/etc/nginx/sites-enabled/{{ item }}.conf"`
			`state: link`
			`src: "/etc/nginx/sites-available/{{ item }}.conf"`
			`owner: root`
			`group: root`
			`loop: "{{ nginx_sites.keys() }}"`
			`notify: reload nginx`