author | Dmitry Ilvokhin <d@ilvokhin.com> | 2023-12-21 16:23:31 +0000 |
---|---|---|
committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2023-12-21 16:23:31 +0000 |
commit | b615331899acdf1ef51fc36d5b7f3eace057734c (patch) | |
tree | 84fb607f73ead553ba4dccb5376291f62a5711d0 /roles | |
parent | a6f60f26c154aa4227921efa134cffdb5b9804de (diff) | |
Add basic tasks for nginx setup
Diffstat (limited to 'roles')
-rw-r--r-- | roles/web/files/nginx.conf | 55 | ||||
-rw-r--r-- | roles/web/handlers/main.yml | 1 | ||||
-rw-r--r-- | roles/web/handlers/nginx.yml | 4 | ||||
-rw-r--r-- | roles/web/tasks/main.yml | 1 | ||||
-rw-r--r-- | roles/web/tasks/nginx.yml | 34 |
5 files changed, 95 insertions, 0 deletions
diff --git a/roles/web/files/nginx.conf b/roles/web/files/nginx.conf
new file mode 100644
index 0000000..ce8302d
--- /dev/null
+++ b/roles/web/files/nginx.conf
@@ -0,0 +1,55 @@
+# Run workers under http user.
+user http;
+
+# Set number of worker processes to number of available CPU cores.
+worker_processes 1;
+
+# Log errors in a separate file.
+error_log /var/log/nginx/error.log;
+
+# Write a PID-file.
+pid /run/nginx.pid;
+
+
+events {
+ # Maximum number of simultaneous connections that can be opened by a worker
+ # process.
+ # worker_connections 512;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Use log_format defined above.
+ access_log /var/log/nginx/access.log main;
+
+ # Enable use of sendfile.
+ sendfile on;
+
+ # Set keepalive timeout to 65 seconds.
+ keepalive_timeout 65;
+
+ # Set types_hash_max_size to 2048 to avoid warning in logs.
+ types_hash_max_size 4096;
+
+ # Load configs for all enabled sites.
+ include /etc/nginx/sites-enabled/*;
+
+ server {
+ # Listen on port 80 and become a default server.
+ listen 80;
+ listen [::]:80 default_server;
+
+ # Serve as a default server block.
+ server_name _;
+
+ # Redirect any non-matched request to default page.
+ return 301 https://ilvokhin.com$request_uri;
+ }
+}
diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml
new file mode 100644
index 0000000..58b30be
--- /dev/null
+++ b/roles/web/handlers/main.yml
@@ -0,0 +1 @@
+- ansible.builtin.import_tasks: roles/web/handlers/nginx.yml
diff --git a/roles/web/handlers/nginx.yml b/roles/web/handlers/nginx.yml
new file mode 100644
index 0000000..c10ab50
--- /dev/null
+++ b/roles/web/handlers/nginx.yml
@@ -0,0 +1,4 @@
+- name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded 
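Review bot: In roles/web/files/nginx.conf the catch-all server marks only `listen [::]:80 default_server;` as default, so the IPv4 `listen 80;` socket has no explicit default server. Because `include /etc/nginx/sites-enabled/*;` comes before this block, an IPv4 request with an unmatched Host header would presumably be handled by whichever included site declares `listen 80` first, not by the redirect. I would write `listen 80 default_server;` so both address families fall through to the same block. Two comments also disagree with their directives: the comment above `worker_processes 1;` describes `auto`, and the comment above `types_hash_max_size 4096;` says 2048.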
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
new file mode 100644
index 0000000..8fa22b1
--- /dev/null
+++ b/roles/web/tasks/main.yml
@@ -0,0 +1 @@
+- ansible.builtin.import_tasks: roles/web/tasks/nginx.yml
diff --git a/roles/web/tasks/nginx.yml b/roles/web/tasks/nginx.yml
new file mode 100644
index 0000000..6348b24
--- /dev/null
+++ b/roles/web/tasks/nginx.yml
@@ -0,0 +1,34 @@
+- name: Install nginx
+ ansible.builtin.package:
+ name:
+ - nginx
+ state: present
+
+- name: Enable nginx systemd unit
+ ansible.builtin.service:
+ name: nginx
+ enabled: yes
+ state: started
+
+- name: Setup sites directories to serve by nginx
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: directory
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ loop:
+ - /etc/nginx/sites-available
+ - /etc/nginx/sites-enabled
+
+- name: Configure nginx
+ ansible.builtin.copy:
+ src: roles/web/files/nginx.conf
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: u+rw,g+,o+r
+ notify:
+ - Reload nginx
+
+# TODO: logrotate |
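Review bot: In roles/web/tasks/nginx.yml the `mode: u+rw,g+,o+r` on the "Configure nginx" task has an empty `g+` clause, which looks like a typo for `g+r`. The `+` operator also only adds bits, so any group or other write permission already present on /etc/nginx/nginx.conf would survive the copy. An absolute mode states the intended end result: `mode: u=rw,g=r,o=r` for the config file. The same applies to the sites directories, where `u+rw,g+r,o+r` never sets the search bit and leaves existing write bits in place; `mode: u=rwx,g=rx,o=rx` would make the result independent of the prior state.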