roles/nginx: made idempotent

2024-11-21 15:00:05 +00:00 · 2023-01-15 21:54:03 -06:00 · 2023-01-15 21:54:03 -06:00 · 1028023b8b
commit 1028023b8b
parent 5e2c4850e1
4 changed files with 20 additions and 25 deletions
--- a/roles/nginx/files/nginx.conf
+++ b/roles/nginx/files/nginx.conf
@ -2,7 +2,7 @@ user www-data;
 worker_processes auto;
 include /etc/nginx/modules-enabled/*.conf;
 pid /run/nginx.pid;
-
+ 
 events {
    worker_connections 768;
 }
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: setup-nginx
+  include_tasks: setup.yml
+  listen: "setup nginx"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -1,21 +1,9 @@
 ---
-
-# TODO: make idempotent
- name: Remove default nginx config
-  file:
-    name: /etc/nginx/sites-enabled
-    state: absent
-
-# TODO: make idempotent
- name: Restore sites-enabled
-  file:
-    name: /etc/nginx/sites-enabled
-    state: directory
-
 - name: Install system nginx config
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
+  notify: setup nginx

 # setup our configs for each host (we don't want to 
 # overwrite certbot's changes, so if it already exists,
@ -26,30 +14,24 @@
    src: templates/site.conf
    dest: /etc/nginx/conf.d/{{ domain }}.conf
    force: no
+  notify: setup nginx

 - name: Install nginx config for git.{{ domain }}
  template:
    src: templates/gitea.conf
    dest: /etc/nginx/conf.d/git.{{ domain }}.conf
    force: no
+  notify: setup nginx

 - name: Install nginx config for our Hidden Service
  template:
    src: templates/tor.conf
    dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
    force: no
+  notify: setup nginx

- name: Reload Nginx to install LetsEncrypt
-  service:
-    name: nginx
-    state: restarted
-
-# certbot is a life saver. thank you certbot devs!
- name: Setup certbot
-  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
-
- name: Reload Nginx with LetsEncrypt installed
+- name: Enable Nginx
  systemd:
    name: nginx
    enabled: yes
-    state: restarted
+    state: started
--- a/roles/nginx/tasks/setup.yml
+++ b/roles/nginx/tasks/setup.yml
@ -0,0 +1,9 @@
+---
+- name: Setup certbot
+  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
+
+- name: Reload Nginx
+  systemd:
+    name: nginx
+    enabled: yes
+    state: restarted