roles/nginx: made idempotent
This commit is contained in:
parent
5e2c4850e1
commit
1028023b8b
|
|
@ -2,7 +2,7 @@ user www-data;
|
|||
worker_processes auto;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- name: setup-nginx
|
||||
include_tasks: setup.yml
|
||||
listen: "setup nginx"
|
||||
|
|
@ -1,21 +1,9 @@
|
|||
---
|
||||
|
||||
# TODO: make idempotent
|
||||
- name: Remove default nginx config
|
||||
file:
|
||||
name: /etc/nginx/sites-enabled
|
||||
state: absent
|
||||
|
||||
# TODO: make idempotent
|
||||
- name: Restore sites-enabled
|
||||
file:
|
||||
name: /etc/nginx/sites-enabled
|
||||
state: directory
|
||||
|
||||
- name: Install system nginx config
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
notify: setup nginx
|
||||
|
||||
# setup our configs for each host (we don't want to
|
||||
# overwrite certbot's changes, so if it already exists,
|
||||
|
|
@ -26,30 +14,24 @@
|
|||
src: templates/site.conf
|
||||
dest: /etc/nginx/conf.d/{{ domain }}.conf
|
||||
force: no
|
||||
notify: setup nginx
|
||||
|
||||
- name: Install nginx config for git.{{ domain }}
|
||||
template:
|
||||
src: templates/gitea.conf
|
||||
dest: /etc/nginx/conf.d/git.{{ domain }}.conf
|
||||
force: no
|
||||
notify: setup nginx
|
||||
|
||||
- name: Install nginx config for our Hidden Service
|
||||
template:
|
||||
src: templates/tor.conf
|
||||
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
|
||||
force: no
|
||||
notify: setup nginx
|
||||
|
||||
- name: Reload Nginx to install LetsEncrypt
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
# certbot is a life saver. thank you certbot devs!
|
||||
- name: Setup certbot
|
||||
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
||||
|
||||
- name: Reload Nginx with LetsEncrypt installed
|
||||
- name: Enable Nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
enabled: yes
|
||||
state: restarted
|
||||
state: started
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: Setup certbot
|
||||
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
||||
|
||||
- name: Reload Nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
enabled: yes
|
||||
state: restarted
|
||||
Loading…
Reference in New Issue