# Install the nginx web server through the distribution's package manager.
# `state: present` installs the package when it is missing and leaves an
# already-installed version untouched.
- name: Install nginx
  ansible.builtin.package:
    state: present
    name:
      - nginx
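# Create the nginx configuration sub-directories, owned by root.
- name: Setup nginx directories
  ansible.builtin.file:
    path: '{{ item }}'
    state: directory
    owner: root
    group: root
    # Absolute (`=`) symbolic mode, i.e. 0755. An additive (`+`) mode only
    # turns bits on: group/world write bits already present on an existing
    # directory would survive, and the mode of a newly created directory
    # would depend on the umask of the run.
    mode: 'u=rwx,g=rx,o=rx'
  loop:
    # NOTE(review): `auth` presumably holds credential files; it is created
    # world-listable like the other directories - confirm that is intended.
    - /etc/nginx/auth
    - /etc/nginx/includes
    - /etc/nginx/sites-available
    - /etc/nginx/sites-enabled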
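# Create the directory nginx serves content from.
- name: Setup nginx serving directory
  ansible.builtin.file:
    path: /srv/http
    state: directory
    # NOTE(review): `http` is presumably the account the nginx workers run
    # as - confirm. If so, the served tree is writable by the server process
    # itself; a root-owned tree that `http` can only read would limit what a
    # compromised worker can change.
    owner: http
    group: http
    # Absolute (`=`) symbolic mode, i.e. 0775. An additive (`+`) mode would
    # leave an existing world-write bit in place and would make the mode of
    # a newly created directory depend on the umask of the run.
    mode: 'u=rwx,g=rwx,o=rx'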
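# Install the main nginx configuration and reload nginx when it changes.
# NOTE(review): no `validate:` command is set, so a broken configuration is
# only noticed when the `Reload nginx` handler runs.
- name: Configure nginx
  ansible.builtin.copy:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    # Absolute (`=`) symbolic mode, i.e. 0644. An additive (`+`) mode would
    # not clear write or execute bits already set on an existing file.
    mode: 'u=rw,g=r,o=r'
  notify:
    - Reload nginx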
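# Install the logrotate rule for the nginx logs.
- name: Configure nginx logrotate
  ansible.builtin.copy:
    src: files/nginx.logrotate
    dest: /etc/logrotate.d/nginx
    owner: root
    group: root
    # Absolute (`=`) symbolic mode, i.e. 0644. logrotate skips configuration
    # files that are writable by group or others, and an additive (`+`) mode
    # would not clear such bits on an existing file.
    mode: 'u=rw,g=r,o=r'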
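# Install the nginx scripts into the `pre` and `post` renewal-hook
# directories under /etc/letsencrypt.
- name: Copy nginx certificate renewal hook
  ansible.builtin.copy:
    src: 'files/hooks/{{ item }}/nginx.sh'
    dest: '/etc/letsencrypt/renewal-hooks/{{ item }}/nginx.sh'
    owner: root
    group: root
    # Absolute (`=`) symbolic mode, i.e. 0744. These scripts are executed
    # during certificate renewal (presumably as root), so they must never
    # be group- or world-writable; an additive (`+`) mode would not clear
    # such bits on an existing file.
    mode: 'u=rwx,g=r,o=r'
  loop:
    - pre
    - post
# There is intentionally no deploy hook: nginx is currently stopped before
# renewal and started again afterwards, so no reload is needed.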
# Make sure nginx is running now (`state: started`) and is started again at
# boot (`enabled`).
- name: Enable nginx systemd service
  ansible.builtin.service:
    name: nginx
    state: started
    enabled: true