---
# Symlink each requested module's config from modules-available into
# modules-enabled (prefixed "50-mod-"), one link per entry in nginx_modules.
- name: enable nginx modules
  ansible.builtin.file:
    src: "/usr/share/nginx/modules-available/mod-{{ item }}.conf"
    path: "/etc/nginx/modules-enabled/50-mod-{{ item }}.conf"
    state: link
    owner: root
    group: root
  loop: "{{ nginx_modules }}"
  # A changed link notifies the "restart nginx" handler.
  notify: restart nginx
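# Run any handlers notified so far now instead of at the end of the play.
# NOTE(review): presumably so the "restart nginx" notified by the module
# links takes effect before the site configs are rendered - confirm.
- name: flush handlers
  ansible.builtin.meta: flush_handlers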
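# Stat every TLS certificate and key file referenced by an HTTPS-enabled
# site and register the results as nginx_register_stat_tls_keypairs.
# The loop template collects, per site with https_enabled (falling back to
# nginx_vhost_https_enabled), the site's tls_certfile / tls_keyfile (falling
# back to nginx_tls_certfile / nginx_tls_keyfile) and de-duplicates the
# paths. Sites with HTTPS disabled contribute no paths.
# NOTE(review): ansible.builtin.stat hashes each file by default
# (get_checksum); the tasks visible here only read .stat.exists, so consider
# get_checksum: false to avoid reading the private key needlessly - confirm
# that nothing else consumes the checksum first.
- name: check for tls keypair existence
  ansible.builtin.stat:
    path: "{{ item }}"
    # Resolve symlinks so a linked certificate or key is reported as its target.
    follow: true
  loop: |
    {%- set files = [] -%}
    {%- for name, site in nginx_sites.items() -%}
      {%- if site.https_enabled | default(nginx_vhost_https_enabled) -%}
        {%- set _x = files.append(site.tls_certfile | default(nginx_tls_certfile)) -%}
        {%- set _x = files.append(site.tls_keyfile | default(nginx_tls_keyfile)) -%}
      {%- endif -%}
    {%- endfor -%}
    {{- files | unique | list -}}
  register: nginx_register_stat_tls_keypairs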
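# Create the document root directory of every site in nginx_sites, using the
# per-site documentroot / owner / group when set and the nginx_vhost_*
# defaults otherwise.
- name: create nginx document roots
  ansible.builtin.file:
    path: "{{ item.documentroot | default(nginx_vhost_documentroot) }}"
    state: directory
    owner: "{{ item.documentroot_owner | default(nginx_vhost_documentroot_owner) }}"
    group: "{{ item.documentroot_group | default(nginx_vhost_documentroot_group) }}"
    # Quoted so the mode stays the octal string "0755" whatever YAML
    # number rules the parser applies to a bare 0755.
    mode: "0755"
  # dict.values() is a view object under Python 3; "| list" turns it into
  # the list that loop requires.
  loop: "{{ nginx_sites.values() | list }}"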
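# Render one config per site into /etc/nginx/sites-available/<key>.conf from
# the shared site.conf.j2 template. The template receives the site's key as
# "name", its settings as "site", and two flags saying whether the site's
# certificate and private key were found by the earlier stat task.
# NOTE(review): how the template uses certfile_exists / keyfile_exists is not
# visible here. The [0] lookups assume the stat task recorded the path, which
# it only does for HTTPS-enabled sites - confirm the template reads the flags
# only for those.
- name: render nginx site configs
  ansible.builtin.template:
    src: etc/nginx/sites-available/site.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}.conf"
    owner: root
    group: root
    # Quoted so the mode stays the octal string "0644" whatever YAML
    # number rules the parser applies to a bare 0644.
    mode: "0644"
  vars:
    name: "{{ item.key }}"
    site: "{{ item.value }}"
    certfile_exists: "{{ (nginx_register_stat_tls_keypairs.results | selectattr('item', 'equalto', (item.value.tls_certfile | default(nginx_tls_certfile)) ))[0].stat.exists }}"
    # Look up the site's tls_keyfile here. The previous expression used
    # tls_certfile, so a site with its own certificate path reported the
    # certificate's existence as the key's and a missing private key
    # could go unnoticed.
    keyfile_exists: "{{ (nginx_register_stat_tls_keypairs.results | selectattr('item', 'equalto', (item.value.tls_keyfile | default(nginx_tls_keyfile)) ))[0].stat.exists }}"
  loop: "{{ nginx_sites | dict2items }}"
  notify: reload nginx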
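# Enable every site in nginx_sites by symlinking its rendered config from
# sites-available into sites-enabled.
- name: enable nginx sites
  ansible.builtin.file:
    path: "/etc/nginx/sites-enabled/{{ item }}.conf"
    state: link
    src: "/etc/nginx/sites-available/{{ item }}.conf"
    owner: root
    group: root
  # dict.keys() is a view object under Python 3; "| list" turns it into
  # the list that loop requires.
  loop: "{{ nginx_sites.keys() | list }}"
  notify: reload nginx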