roles: use fully qualified module names
This commit is contained in:
@ -1,5 +1,5 @@
|
||||
---
|
||||
# file: roles/nginx/defaults/main.yml
|
||||
# ansible.builtin.file: roles/nginx/defaults/main.yml
|
||||
|
||||
# path config
|
||||
nginx_confd_path: /etc/nginx/conf.d
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: reload nginx
|
||||
systemd: name=nginx state=reloaded
|
||||
ansible.builtin.systemd: name=nginx state=reloaded
|
||||
|
||||
# vim: set ts=2 sw=2:
|
||||
|
||||
@ -4,12 +4,12 @@
|
||||
# snap now.
|
||||
- block:
|
||||
- name: Remove certbot
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: certbot
|
||||
state: absent
|
||||
|
||||
- name: Remove old certbot post and pre hooks for nginx
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
dest: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
@ -17,12 +17,12 @@
|
||||
- /etc/letsencrypt/renewal-hooks/post/start-nginx.sh
|
||||
|
||||
- name: Check if acme.sh is installed
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ letsencrypt_acme_home }}"
|
||||
register: acme_home
|
||||
|
||||
- name: Download acme.sh
|
||||
get_url:
|
||||
ansible.builtin.get_url:
|
||||
url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
|
||||
dest: "{{ letsencrypt_acme_script_temp }}"
|
||||
mode: 0700
|
||||
@ -41,7 +41,7 @@
|
||||
when: acme_download is changed
|
||||
|
||||
- name: Remove temporary acme.sh script
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_script_temp }}"
|
||||
state: absent
|
||||
when: acme_install.rc is defined and acme_install.rc == 0
|
||||
@ -51,7 +51,7 @@
|
||||
cmd: "{{ letsencrypt_acme_home }}/acme.sh --set-default-ca --server letsencrypt"
|
||||
|
||||
- name: Prepare Let's Encrypt well-known directory
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /var/lib/letsencrypt/.well-known
|
||||
owner: root
|
||||
@ -59,7 +59,7 @@
|
||||
mode: g+s
|
||||
|
||||
- name: Copy systemd service to renew Let's Encrypt certs
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: renew-letsencrypt.service.j2
|
||||
dest: /etc/systemd/system/renew-letsencrypt.service
|
||||
mode: 0644
|
||||
@ -67,7 +67,7 @@
|
||||
group: root
|
||||
|
||||
- name: Copy systemd timer to renew Let's Encrypt certs
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: renew-letsencrypt.timer
|
||||
dest: /etc/systemd/system/renew-letsencrypt.timer
|
||||
mode: 0644
|
||||
@ -76,7 +76,7 @@
|
||||
|
||||
# always issues daemon-reload just in case the service/timer changed
|
||||
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: renew-letsencrypt.timer
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
@ -1,33 +1,33 @@
|
||||
---
|
||||
- name: Add nginx.org apt signing key
|
||||
apt_key: id=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 url=https://nginx.org/keys/nginx_signing.key state=present
|
||||
ansible.builtin.apt_key: id=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 url=https://nginx.org/keys/nginx_signing.key state=present
|
||||
register: add_nginx_apt_key
|
||||
tags: nginx, packages
|
||||
|
||||
- name: Add nginx.org repo
|
||||
template: src=nginx_org_sources.list.j2 dest=/etc/apt/sources.list.d/nginx_org_sources.list owner=root group=root mode=0644
|
||||
ansible.builtin.template: src=nginx_org_sources.list.j2 dest=/etc/apt/sources.list.d/nginx_org_sources.list owner=root group=root mode=0644
|
||||
register: add_nginx_apt_repository
|
||||
tags: nginx, packages
|
||||
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
when:
|
||||
add_nginx_apt_key is changed or
|
||||
add_nginx_apt_repository is changed
|
||||
|
||||
- name: Install nginx
|
||||
apt: pkg=nginx cache_valid_time=3600 state=present
|
||||
ansible.builtin.apt: pkg=nginx cache_valid_time=3600 state=present
|
||||
tags: nginx, packages
|
||||
|
||||
- name: Copy nginx.conf
|
||||
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0644 owner=root group=root
|
||||
ansible.builtin.template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0644 owner=root group=root
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: nginx
|
||||
|
||||
- name: Copy extra nginx configs
|
||||
copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root
|
||||
ansible.builtin.copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root
|
||||
loop:
|
||||
- extra-security.conf
|
||||
- fastcgi_cache
|
||||
@ -36,41 +36,41 @@
|
||||
tags: nginx
|
||||
|
||||
- name: Remove default nginx vhost
|
||||
file: path=/etc/nginx/conf.d/default.conf state=absent
|
||||
ansible.builtin.file: path=/etc/nginx/conf.d/default.conf state=absent
|
||||
tags: nginx
|
||||
|
||||
- name: Create fastcgi cache dir
|
||||
file: path=/var/cache/nginx/cached/fastcgi state=directory owner=nginx group=nginx mode=0755
|
||||
ansible.builtin.file: path=/var/cache/nginx/cached/fastcgi state=directory owner=nginx group=nginx mode=0755
|
||||
tags: nginx
|
||||
|
||||
- name: Configure nginx virtual hosts
|
||||
include_tasks: vhosts.yml
|
||||
ansible.builtin.include_tasks: vhosts.yml
|
||||
when: nginx_vhosts is defined
|
||||
tags: nginx
|
||||
|
||||
- name: Configure WordPress
|
||||
include_tasks: wordpress.yml
|
||||
ansible.builtin.include_tasks: wordpress.yml
|
||||
when: nginx_vhosts is defined
|
||||
tags: wordpress
|
||||
|
||||
- name: Configure blank nginx vhost
|
||||
template: src=blank-vhost.conf.j2 dest={{ nginx_confd_path }}/blank-vhost.conf mode=0644 owner=root group=root
|
||||
ansible.builtin.template: src=blank-vhost.conf.j2 dest={{ nginx_confd_path }}/blank-vhost.conf mode=0644 owner=root group=root
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: nginx
|
||||
|
||||
- name: Configure munin vhost
|
||||
copy: src=munin.conf dest=/etc/nginx/conf.d/munin.conf mode=0644 owner=root group=root
|
||||
ansible.builtin.copy: src=munin.conf dest=/etc/nginx/conf.d/munin.conf mode=0644 owner=root group=root
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: nginx
|
||||
|
||||
- name: Start and enable nginx service
|
||||
systemd: name=nginx state=started enabled=yes
|
||||
ansible.builtin.systemd: name=nginx state=started enabled=yes
|
||||
tags: nginx
|
||||
|
||||
- name: Configure Let's Encrypt
|
||||
include_tasks: letsencrypt.yml
|
||||
ansible.builtin.include_tasks: letsencrypt.yml
|
||||
tags: letsencrypt
|
||||
|
||||
# vim: set ts=2 sw=2:
|
||||
|
||||
@ -2,18 +2,18 @@
|
||||
|
||||
- block:
|
||||
- name: Configure https vhosts
|
||||
template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root
|
||||
ansible.builtin.template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: Generate self-signed TLS cert
|
||||
command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
|
||||
ansible.builtin.command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: Download 4096-bit RFC 7919 dhparams
|
||||
get_url:
|
||||
ansible.builtin.get_url:
|
||||
url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
|
||||
checksum: sha256:64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
|
||||
dest: "{{ nginx_ssl_dhparam }}"
|
||||
@ -22,7 +22,7 @@
|
||||
|
||||
# TODO: this could break because we can override the document root in host vars
|
||||
- name: Create vhost document roots
|
||||
file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
|
||||
ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
tags: nginx
|
||||
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
|
||||
- block:
|
||||
- name: Install WordPress
|
||||
git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes
|
||||
ansible.builtin.git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes
|
||||
when: item.has_wordpress is defined and item.has_wordpress
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
|
||||
- name: Fix WordPress directory permissions
|
||||
file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes
|
||||
ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes
|
||||
when: item.has_wordpress is defined and item.has_wordpress
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
tags: wordpress
|
||||
|
||||
Reference in New Issue
Block a user