OpenPunk
/
openpunk-ansible
mirror of https://github.com/CPunch/openpunk-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

roles/nginx: made idempotent

This commit is contained in:
CPunch 2023-01-15 21:54:03 -06:00
parent 5e2c4850e1
commit 1028023b8b
4 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/nginx/files/nginx.conf
View File

@ -2,7 +2,7 @@ user www-data;
worker_processes auto; worker_processes auto;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
pid /run/nginx.pid; pid /run/nginx.pid;
events { events {
worker_connections 768; worker_connections 768;
} }

4
roles/nginx/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: setup-nginx
include_tasks: setup.yml
listen: "setup nginx"

30
roles/nginx/tasks/main.yml
View File

@ -1,21 +1,9 @@
--- ---
# TODO: make idempotent
- name: Remove default nginx config
file:
name: /etc/nginx/sites-enabled
state: absent
# TODO: make idempotent
- name: Restore sites-enabled
file:
name: /etc/nginx/sites-enabled
state: directory
- name: Install system nginx config - name: Install system nginx config
copy: copy:
src: nginx.conf src: nginx.conf
dest: /etc/nginx/nginx.conf dest: /etc/nginx/nginx.conf
notify: setup nginx
# setup our configs for each host (we don't want to # setup our configs for each host (we don't want to
# overwrite certbot's changes, so if it already exists, # overwrite certbot's changes, so if it already exists,
@ -26,30 +14,24 @@
src: templates/site.conf src: templates/site.conf
dest: /etc/nginx/conf.d/{{ domain }}.conf dest: /etc/nginx/conf.d/{{ domain }}.conf
force: no force: no
notify: setup nginx
- name: Install nginx config for git.{{ domain }} - name: Install nginx config for git.{{ domain }}
template: template:
src: templates/gitea.conf src: templates/gitea.conf
dest: /etc/nginx/conf.d/git.{{ domain }}.conf dest: /etc/nginx/conf.d/git.{{ domain }}.conf
force: no force: no
notify: setup nginx
- name: Install nginx config for our Hidden Service - name: Install nginx config for our Hidden Service
template: template:
src: templates/tor.conf src: templates/tor.conf
dest: /etc/nginx/conf.d/tor-{{ domain }}.conf dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
force: no force: no
notify: setup nginx
- name: Reload Nginx to install LetsEncrypt - name: Enable Nginx
service:
name: nginx
state: restarted
# certbot is a life saver. thank you certbot devs!
- name: Setup certbot
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
- name: Reload Nginx with LetsEncrypt installed
systemd: systemd:
name: nginx name: nginx
enabled: yes enabled: yes
state: restarted state: started

9
roles/nginx/tasks/setup.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Setup certbot
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
- name: Reload Nginx
systemd:
name: nginx
enabled: yes
state: restarted