diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml index dfe43e7..2804dff 100644 --- a/roles/caddy/tasks/main.yml +++ b/roles/caddy/tasks/main.yml @@ -18,7 +18,7 @@ dest: /etc/apt/keyrings/caddy-stable-archive-keyring.key owner: root group: root - mode: 0644 + mode: "0644" register: download_caddy_signing_key when: not caddy_signing_key_stat.stat.exists tags: @@ -27,7 +27,7 @@ - name: Add Caddy stable repo ansible.builtin.apt_repository: - repo: 'deb [signed-by=/etc/apt/keyrings/caddy-stable-archive-keyring.key] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main' + repo: deb [signed-by=/etc/apt/keyrings/caddy-stable-archive-keyring.key] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main filename: caddy-stable state: present register: add_caddy_apt_repository @@ -38,9 +38,7 @@ - name: Update apt cache ansible.builtin.apt: # noqa no-handler update_cache: true - when: - (download_caddy_signing_key.status_code is defined and download_caddy_signing_key.status_code == 200) or - add_caddy_apt_repository is changed + when: (download_caddy_signing_key.status_code is defined and download_caddy_signing_key.status_code == 200) or add_caddy_apt_repository is changed tags: - packages - caddy @@ -59,7 +57,7 @@ ansible.builtin.template: src: etc/caddy/Caddyfile.j2 dest: /etc/caddy/Caddyfile - mode: 0755 + mode: "0755" owner: root group: root notify: @@ -70,7 +68,7 @@ ansible.builtin.file: path: /etc/caddy/conf.d state: directory - mode: 0755 + mode: "0755" owner: root group: root diff --git a/roles/caddy/tasks/vhosts.yml b/roles/caddy/tasks/vhosts.yml index baf9303..c8807f5 100644 --- a/roles/caddy/tasks/vhosts.yml +++ b/roles/caddy/tasks/vhosts.yml @@ -1,10 +1,9 @@ --- - - name: Configure vhosts ansible.builtin.template: src: etc/caddy/conf.d/vhost.j2 dest: /etc/caddy/conf.d/{{ item.domain_name }} - mode: 0644 + mode: "0644" owner: root group: root loop: "{{ nginx_vhosts }}" 
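Review bot: The Caddyfile template task (hunk `@@ -59,7 +57,7 @@`) still installs a configuration file with `mode: "0755"`, which sets execute bits on a file that is only ever read. Every other config file touched by this change uses `"0644"`, so `mode: "0644"` would be consistent here. A tighter mode may be warranted if the rendered Caddyfile can carry tokens or credentials, which is not visible from this hunk. The task starts above the hunk and continues below it.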
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 13afb92..aae3641 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Remove MariaDB key from apt-key ansible.builtin.apt_key: - id: 0x177F4010FE56CA3336300305F1656F24C74CD1D8 + id: "013577200103762554506315430003013705453362230723150730" state: absent tags: - packages @@ -21,7 +21,7 @@ dest: /etc/apt/keyrings/mariadb_release_signing_key.asc owner: root group: root - mode: 0644 + mode: "0644" register: download_mariadb_signing_key when: not mariadb_signing_key_stat.stat.exists tags: @@ -30,7 +30,8 @@ - name: Add MariaDB 10.6 repo ansible.builtin.apt_repository: - repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://dlm.mariadb.com/repo/mariadb-server/10.6/repo/debian {{ ansible_distribution_release }} main' + repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://dlm.mariadb.com/repo/mariadb-server/10.6/repo/debian {{ ansible_distribution_release + }} main filename: mariadb state: present register: add_mariadb_apt_repository @@ -41,16 +42,14 @@ - name: Update apt cache ansible.builtin.apt: # noqa no-handler update_cache: true - when: - (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or - add_mariadb_apt_repository is changed + when: (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or add_mariadb_apt_repository is changed tags: - packages - mariadb - name: Install mariadb-server ansible.builtin.apt: - name: ['mariadb-server', 'python3-pymysql'] + name: [mariadb-server, python3-pymysql] state: present cache_valid_time: 3600 tags: mariadb, packages @@ -61,7 +60,7 @@ dest: /etc/mysql/my.cnf owner: root group: root - mode: 0644 + mode: "0644" notify: - restart mariadb tags: mariadb 
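Review bot: The new `id` in `Remove MariaDB key from apt-key` is no longer the key fingerprint. The old value `0x177F4010FE56CA3336300305F1656F24C74CD1D8` was an unquoted hex integer, and the replacement `"0135772001…"` appears to be that integer re-rendered in octal and then quoted. It cannot match the key, so `state: absent` will most likely find nothing, and the old key stays in the apt-key keyring, trusted for any source that lacks its own `signed-by`. Keep the original digits and quote them: `id: "0x177F4010FE56CA3336300305F1656F24C74CD1D8"`. The same conversion hit the nginx key in roles/nginx/tasks/main.yml, which should read `id: "0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"`.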
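Review bot: In `Add MariaDB 10.6 repo` the formatter wrapped the `repo:` value inside the Jinja expression, leaving `{{ ansible_distribution_release` on one line and `}} main` on the next. YAML folds the break into a space, so the rendered string should be unchanged, but a plain scalar split mid-expression is hard to grep and easy to break on the next edit. A folded block scalar keeps the expression whole: `repo: >-`, then the `deb [arch=amd64 signed-by=…]` options on one line and `https://dlm.mariadb.com/repo/mariadb-server/10.6/repo/debian {{ ansible_distribution_release }} main` on the next. The same mid-expression wrap appears in the block-level `when:` of roles/nginx/tasks/letsencrypt.yml and in `version={{ item.wordpress_version }}` in roles/nginx/tasks/wordpress.yml.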
@@ -83,7 +82,7 @@ src: .my.cnf.j2 dest: /root/.my.cnf owner: root - mode: 0600 + mode: "0600" tags: mariadb # See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index aefe7fa..84c2dbc 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -14,11 +14,11 @@ nginx_ssl_session_cache: shared:SSL:10m # 1400 bytes to fit in one MTU (default is 16k!) nginx_ssl_buffer_size: 1400 nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem -nginx_ssl_protocols: 'TLSv1.2 TLSv1.3' +nginx_ssl_protocols: TLSv1.2 TLSv1.3 # DNS resolvers for OCSP stapling (default to Cloudflare public DNS) # See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling -nginx_ssl_stapling_resolver: '1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]' +nginx_ssl_stapling_resolver: 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] # HTTP Strict-Transport-Security header, recommended by Google to be ~1 year # in seconds, see: https://hstspreload.org/ diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml index 03653ce..45dd77e 100644 --- a/roles/nginx/tasks/letsencrypt.yml +++ b/roles/nginx/tasks/letsencrypt.yml 
@@ -1,91 +1,90 @@ --- - # Use acme.sh instead of certbot because they only support installation via # snap now. - block: - - name: Remove certbot - ansible.builtin.apt: - name: certbot - state: absent + - name: Remove certbot + ansible.builtin.apt: + name: certbot + state: absent - - name: Remove old certbot post and pre hooks for nginx - ansible.builtin.file: - dest: "{{ item }}" - state: absent - with_items: - - /etc/letsencrypt/renewal-hooks/pre/stop-nginx.sh - - /etc/letsencrypt/renewal-hooks/post/start-nginx.sh + - name: Remove old certbot post and pre hooks for nginx + ansible.builtin.file: + dest: "{{ item }}" + state: absent + with_items: + - /etc/letsencrypt/renewal-hooks/pre/stop-nginx.sh + - /etc/letsencrypt/renewal-hooks/post/start-nginx.sh - - name: Check if acme.sh is installed - ansible.builtin.stat: - path: "{{ letsencrypt_acme_home }}" - register: acme_home + - name: Check if acme.sh is installed + ansible.builtin.stat: + path: "{{ letsencrypt_acme_home }}" + register: acme_home - - name: Download acme.sh - ansible.builtin.get_url: - url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh - dest: "{{ letsencrypt_acme_script_temp }}" - mode: 0700 - register: acme_download - when: not acme_home.stat.exists + - name: Download acme.sh + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh + dest: "{{ letsencrypt_acme_script_temp }}" + mode: "0700" + register: acme_download + when: not acme_home.stat.exists - # Run the "install" for acme.sh so it creates the .acme.sh dir (currently I - # have to chdir to the /root directory where the script exists or else it - # fails. Ansible runs it, but the script can't find itself...). 
- - name: Install acme.sh - ansible.builtin.command: - cmd: "{{ letsencrypt_acme_script_temp }} --install --no-profile --no-cron" - creates: "{{ letsencrypt_acme_home }}/acme.sh" - chdir: /root - register: acme_install - when: acme_download is changed + # Run the "install" for acme.sh so it creates the .acme.sh dir (currently I + # have to chdir to the /root directory where the script exists or else it + # fails. Ansible runs it, but the script can't find itself...). + - name: Install acme.sh + ansible.builtin.command: + cmd: "{{ letsencrypt_acme_script_temp }} --install --no-profile --no-cron" + creates: "{{ letsencrypt_acme_home }}/acme.sh" + chdir: /root + register: acme_install + when: acme_download is changed - - name: Remove temporary acme.sh script - ansible.builtin.file: - dest: "{{ letsencrypt_acme_script_temp }}" - state: absent - when: - - acme_install.rc is defined - - acme_install.rc == 0 + - name: Remove temporary acme.sh script + ansible.builtin.file: + dest: "{{ letsencrypt_acme_script_temp }}" + state: absent + when: + - acme_install.rc is defined + - acme_install.rc == 0 - - name: Set default certificate authority for acme.sh - ansible.builtin.command: - cmd: "{{ letsencrypt_acme_home }}/acme.sh --set-default-ca --server letsencrypt" + - name: Set default certificate authority for acme.sh + ansible.builtin.command: + cmd: "{{ letsencrypt_acme_home }}/acme.sh --set-default-ca --server letsencrypt" - - name: Prepare Let's Encrypt well-known directory - ansible.builtin.file: - state: directory - path: /var/lib/letsencrypt/.well-known - owner: root - group: nginx - mode: g+s + - name: Prepare Let's Encrypt well-known directory + ansible.builtin.file: + state: directory + path: /var/lib/letsencrypt/.well-known + owner: root + group: nginx + mode: g+s - - name: Copy systemd service to renew Let's Encrypt certs - ansible.builtin.template: - src: renew-letsencrypt.service.j2 - dest: /etc/systemd/system/renew-letsencrypt.service - mode: 0644 - owner: root 
- group: root + - name: Copy systemd service to renew Let's Encrypt certs + ansible.builtin.template: + src: renew-letsencrypt.service.j2 + dest: /etc/systemd/system/renew-letsencrypt.service + mode: "0644" + owner: root + group: root - - name: Copy systemd timer to renew Let's Encrypt certs - ansible.builtin.copy: - src: renew-letsencrypt.timer - dest: /etc/systemd/system/renew-letsencrypt.timer - mode: 0644 - owner: root - group: root + - name: Copy systemd timer to renew Let's Encrypt certs + ansible.builtin.copy: + src: renew-letsencrypt.timer + dest: /etc/systemd/system/renew-letsencrypt.timer + mode: "0644" + owner: root + group: root - # always issues daemon-reload just in case the service/timer changed - - name: Start and enable systemd timer to renew Let's Encrypt certs - ansible.builtin.systemd: - name: renew-letsencrypt.timer - state: started - enabled: true - daemon_reload: true + # always issues daemon-reload just in case the service/timer changed + - name: Start and enable systemd timer to renew Let's Encrypt certs + ansible.builtin.systemd: + name: renew-letsencrypt.timer + state: started + enabled: true + daemon_reload: true - when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) - or (ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '>=')) + when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_version + is version('11', '>=')) tags: letsencrypt # vim: set ts=2 sw=2: diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index ea0c9f5..5c00bfb 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Remove nginx apt signing key from apt-key ansible.builtin.apt_key: - id: 0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 + id: "053473772654754373614404074646527257655730117366337542" state: absent tags: - packages 
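Review bot: `Download acme.sh` fetches the script from the moving `master` branch with no `checksum:`, and `Install acme.sh` then executes it with `--install` (apparently as root, given `chdir: /root`). Whatever is served at that URL at play time is therefore run unverified. The dhparams download in roles/nginx/tasks/vhosts.yml already pins a `sha256:` checksum, and the same pattern fits here: point `url:` at a fixed release (`https://raw.githubusercontent.com/acmesh-official/acme.sh/<RELEASE_TAG>/acme.sh`) and add `checksum: sha256:<SHA256_OF_THAT_RELEASE>`. The `when: not acme_home.stat.exists` guard limits this to first install, which is also when the host has no known-good copy to compare against.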
@@ -21,7 +21,7 @@ dest: /usr/share/keyrings/nginx_signing.key owner: root group: root - mode: 0644 + mode: "0644" register: download_nginx_signing_key when: not nginx_signing_key_stat.stat.exists tags: @@ -34,7 +34,7 @@ dest: /etc/apt/sources.list.d/nginx_org_sources.list owner: root group: root - mode: 0644 + mode: "0644" register: add_nginx_apt_repository tags: - nginx @@ -43,9 +43,7 @@ - name: Update apt cache ansible.builtin.apt: # noqa no-handler update_cache: true - when: - (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or - add_nginx_apt_repository is changed + when: (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or add_nginx_apt_repository is changed - name: Install nginx ansible.builtin.apt: @@ -60,7 +58,7 @@ ansible.builtin.template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -70,8 +68,8 @@ - name: Copy extra nginx configs ansible.builtin.copy: src: "{{ item }}" - dest: "/etc/nginx/{{ item }}" - mode: 0644 + dest: /etc/nginx/{{ item }} + mode: "0644" owner: root group: root loop: @@ -93,7 +91,7 @@ state: directory owner: nginx group: nginx - mode: 0755 + mode: "0755" tags: nginx - name: Configure nginx virtual hosts @@ -110,7 +108,7 @@ ansible.builtin.template: src: blank-vhost.conf.j2 dest: "{{ nginx_confd_path }}/blank-vhost.conf" - mode: 0644 + mode: "0644" owner: root group: root notify: @@ -121,7 +119,7 @@ ansible.builtin.copy: src: munin.conf dest: /etc/nginx/conf.d/munin.conf - mode: 0644 + mode: "0644" owner: root group: root notify: diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml index 66e6024..1121ac5 100644 --- a/roles/nginx/tasks/vhosts.yml +++ b/roles/nginx/tasks/vhosts.yml 
@@ -1,29 +1,29 @@ --- - - block: - - name: Configure https vhosts - ansible.builtin.template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root - loop: "{{ nginx_vhosts }}" - notify: - - reload nginx + - name: Configure https vhosts + ansible.builtin.template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root + loop: "{{ nginx_vhosts }}" + notify: + - reload nginx - - name: Generate self-signed TLS cert - ansible.builtin.command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt - notify: - - reload nginx + - name: Generate self-signed TLS cert + ansible.builtin.command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key + -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt + notify: + - reload nginx - - name: Download 4096-bit RFC 7919 dhparams - ansible.builtin.get_url: - url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem - checksum: sha256:64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3 - dest: "{{ nginx_ssl_dhparam }}" - notify: - - reload nginx + - name: Download 4096-bit RFC 7919 dhparams + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem + checksum: sha256:64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3 + dest: "{{ nginx_ssl_dhparam }}" + notify: + - reload nginx - # TODO: this could break because we can override the document root in host vars - - name: Create vhost document roots - ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} 
state=directory mode=0755 owner=nginx group=nginx - loop: "{{ nginx_vhosts }}" + # TODO: this could break because we can override the document root in host vars + - name: Create vhost document roots + ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx + loop: "{{ nginx_vhosts }}" tags: nginx # vim: set ts=2 sw=2: diff --git a/roles/nginx/tasks/wordpress.yml b/roles/nginx/tasks/wordpress.yml index 0f376b3..09d08f6 100644 --- a/roles/nginx/tasks/wordpress.yml +++ b/roles/nginx/tasks/wordpress.yml @@ -1,19 +1,19 @@ --- - - block: - - name: Install WordPress - ansible.builtin.git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=true - when: - - item.has_wordpress is defined - - item.has_wordpress - loop: "{{ nginx_vhosts }}" + - name: Install WordPress + ansible.builtin.git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version + }} depth=1 force=true + when: + - item.has_wordpress is defined + - item.has_wordpress + loop: "{{ nginx_vhosts }}" - - name: Fix WordPress directory permissions - ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=true - when: - - item.has_wordpress is defined - - item.has_wordpress - loop: "{{ nginx_vhosts }}" + - name: Fix WordPress directory permissions + ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=true + when: + - item.has_wordpress is defined + - item.has_wordpress + loop: "{{ nginx_vhosts }}" tags: wordpress # vim: set ts=2 sw=2: diff --git a/roles/php-fpm/tasks/Debian_12.yml b/roles/php-fpm/tasks/Debian_12.yml index 9a0786c..fb95829 100644 --- a/roles/php-fpm/tasks/Debian_12.yml +++ b/roles/php-fpm/tasks/Debian_12.yml 
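Review bot: The tasks in the roles/nginx/tasks/vhosts.yml block still pass module arguments as free-form `key=value` strings (for example `ansible.builtin.template: src=vhost.conf.j2 dest=… mode=0644 owner=root group=root`), while the rest of this change moves to native YAML with quoted modes. The formatter has also wrapped the `openssl req` command mid-argument, leaving `creates=/etc/ssl/certs/nginx-snakeoil.crt` trailing after `-extensions v3_ca`, where it reads like an openssl flag instead of the module's idempotence guard. Moving the command under `cmd:` with a separate `creates: /etc/ssl/certs/nginx-snakeoil.crt` key, and giving the template and file tasks native `mode: "0644"` / `mode: "0755"` keys, would make the guard and permissions explicit. The same free-form style remains in roles/nginx/tasks/wordpress.yml and roles/php-fpm/tasks/Ubuntu_20.04.yml.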
@@ -1,49 +1,48 @@ --- - - block: - - name: Set php-fpm packages - ansible.builtin.set_fact: - php_fpm_packages: - - php8.2-fpm - # for WordPress - - php8.2-mysql - - php8.2-gd - - php8.2-curl - - php8.2-xml + - name: Set php-fpm packages + ansible.builtin.set_fact: + php_fpm_packages: + - php8.2-fpm + # for WordPress + - php8.2-mysql + - php8.2-gd + - php8.2-curl + - php8.2-xml - - name: Install php-fpm and deps - ansible.builtin.apt: - name: "{{ php_fpm_packages }}" - state: present - update_cache: true + - name: Install php-fpm and deps + ansible.builtin.apt: + name: "{{ php_fpm_packages }}" + state: present + update_cache: true - # only copy php-fpm config for vhosts that need WordPress or PHP - - name: Copy php-fpm pool config - ansible.builtin.template: - src: php8.2-pool.conf.j2 - dest: /etc/php/8.2/fpm/pool.d/{{ item.domain_name }}.conf - owner: root - group: root - mode: 0644 - loop: "{{ nginx_vhosts }}" - when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php) - notify: reload php8.2-fpm + # only copy php-fpm config for vhosts that need WordPress or PHP + - name: Copy php-fpm pool config + ansible.builtin.template: + src: php8.2-pool.conf.j2 + dest: /etc/php/8.2/fpm/pool.d/{{ item.domain_name }}.conf + owner: root + group: root + mode: "0644" + loop: "{{ nginx_vhosts }}" + when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php) + notify: reload php8.2-fpm - - name: Remove default www pool - ansible.builtin.file: - path: /etc/php/8.2/fpm/pool.d/www.conf - state: absent - notify: reload php8.2-fpm + - name: Remove default www pool + ansible.builtin.file: + path: /etc/php/8.2/fpm/pool.d/www.conf + state: absent + notify: reload php8.2-fpm - # re-configure php.ini - - name: Update php.ini - ansible.builtin.template: - src: php8.2-php.ini.j2 - dest: /etc/php/8.2/fpm/php.ini - owner: root - group: root - mode: 0644 - notify: reload php8.2-fpm + # 
re-configure php.ini + - name: Update php.ini + ansible.builtin.template: + src: php8.2-php.ini.j2 + dest: /etc/php/8.2/fpm/php.ini + owner: root + group: root + mode: "0644" + notify: reload php8.2-fpm tags: php-fpm when: install_php diff --git a/roles/php-fpm/tasks/Ubuntu_20.04.yml b/roles/php-fpm/tasks/Ubuntu_20.04.yml index 5195978..661b8a2 100644 --- a/roles/php-fpm/tasks/Ubuntu_20.04.yml +++ b/roles/php-fpm/tasks/Ubuntu_20.04.yml 
@@ -1,34 +1,33 @@ --- - - block: - - name: Set php-fpm packages - ansible.builtin.set_fact: - php_fpm_packages: - - php7.4-fpm - # for WordPress - - php7.4-mysql - - php7.4-gd - - php7.4-curl - - php7.4-xml + - name: Set php-fpm packages + ansible.builtin.set_fact: + php_fpm_packages: + - php7.4-fpm + # for WordPress + - php7.4-mysql + - php7.4-gd + - php7.4-curl + - php7.4-xml - - name: Install php-fpm and deps - ansible.builtin.apt: name={{ php_fpm_packages }} state=present update_cache=true + - name: Install php-fpm and deps + ansible.builtin.apt: name={{ php_fpm_packages }} state=present update_cache=true - # only copy php-fpm config for vhosts that need WordPress or PHP - - name: Copy php-fpm pool config - ansible.builtin.template: src=php7.4-pool.conf.j2 dest=/etc/php/7.4/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644 - loop: "{{ nginx_vhosts }}" - when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php) - notify: reload php7.4-fpm + # only copy php-fpm config for vhosts that need WordPress or PHP + - name: Copy php-fpm pool config + ansible.builtin.template: src=php7.4-pool.conf.j2 dest=/etc/php/7.4/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644 + loop: "{{ nginx_vhosts }}" + when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php) + notify: reload php7.4-fpm - - name: Remove default www pool - ansible.builtin.file: path=/etc/php/7.4/fpm/pool.d/www.conf state=absent - notify: reload php7.4-fpm + - name: Remove default www pool + ansible.builtin.file: path=/etc/php/7.4/fpm/pool.d/www.conf state=absent + notify: reload php7.4-fpm - # re-configure php.ini - - name: Update php.ini - ansible.builtin.template: src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644 - notify: reload php7.4-fpm + # re-configure php.ini + - name: Update php.ini + ansible.builtin.template: 
src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644 + notify: reload php7.4-fpm tags: php-fpm when: install_php diff --git a/roles/php-fpm/tasks/main.yml b/roles/php-fpm/tasks/main.yml index c3ed1b7..e04627f 100644 --- a/roles/php-fpm/tasks/main.yml +++ b/roles/php-fpm/tasks/main.yml @@ -11,13 +11,13 @@ - name: Check if any vhost needs WordPress ansible.builtin.set_fact: install_php: true - when: "nginx_vhosts | selectattr('has_wordpress', 'defined') | selectattr('has_wordpress', 'equalto', true) | list | length > 0" + when: nginx_vhosts | selectattr('has_wordpress', 'defined') | selectattr('has_wordpress', 'equalto', true) | list | length > 0 # Legacy, was only for Piwik, but leaving for now. - name: Check if any vhost needs PHP ansible.builtin.set_fact: install_php: true - when: "nginx_vhosts | selectattr('needs_php', 'defined') | selectattr('needs_php', 'equalto', true) | list | length > 0" + when: nginx_vhosts | selectattr('needs_php', 'defined') | selectattr('needs_php', 'equalto', true) | list | length > 0 # If install_php has not been set, then we assume no vhosts need PHP. This is # a bit hacky, but it's the closest we come to an if/then/else. @@ -31,7 +31,7 @@ when: - ansible_distribution == 'Ubuntu' - ansible_distribution_version is version('20.04', '==') - - install_php == true + - install_php tags: php-fpm - name: Configure php-fpm on Debian 11 @@ -39,7 +39,7 @@ when: - ansible_distribution == 'Debian' - ansible_distribution_major_version is version('11', '==') - - install_php == true + - install_php tags: php-fpm - name: Configure php-fpm on Debian 12 @@ -47,7 +47,7 @@ when: - ansible_distribution == 'Debian' - ansible_distribution_major_version is version('12', '==') - - install_php == true + - install_php tags: php-fpm # vim: set ts=2 sw=2:
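Review bot: In roles/php-fpm/tasks/main.yml, replacing `install_php == true` with a bare `install_php` changes which values are accepted. The old test passed only for a real boolean `true`, while the bare form depends on how Ansible evaluates the value's truthiness. The `set_fact` tasks shown above set a boolean, so the play as written should behave the same, but a value arriving as a string (extra vars, INI inventory) may be evaluated differently. `- install_php | bool` states the intent and normalises such input. The same line is changed in the Debian 11 and Debian 12 conditions in the two hunks that follow the Ubuntu one.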