ansible-personal

Author	SHA1	Message	Date
Alan Orth	de704a917f	roles/nginx: use boolean for use_letsencrypt instead of string "yes" This is very confusing when you forget about how Ansible/Python is testing conditionals. Let's use actual booleans so it's more clear.	2016-08-17 12:42:48 +03:00
Alan Orth	2a78c5cf59	roles/nginx: Add sanity check for use_letsencrypt variable Not all hosts will have this, so this task will flat out fail. We better check to see if it exists before we try to use it. ;)	2016-08-17 12:27:24 +03:00
Alan Orth	f798e47ad8	roles/nginx: Add 'force=yes' to WordPress git repo clone I never modify file in the git repo, but the WordPress updater does updates from the web (for example TwentySixteen theme), and this always causes the task to fail when I switch WordPress versions.	2016-08-17 11:39:10 +03:00
Alan Orth	e343ddc9a6	Add 'packages' tag to any task doing package stuff For idempotence we need to run all apt-related tasks, like editing source files, adding keys, installing packages, etc, when running the 'packages' tag.	2016-08-14 16:33:48 +03:00
Alan Orth	0cd2735c82	roles/nginx: Rework Let's Encrypt stuff Take an opinionated stance on HTTPS and assume that hosts are using HTTPS for all vhosts. This can either be via custom TLS cert/key pairs defined in the host's variables (could even be self-signed certificates on dev boxes) or via Let's Encrypt.	2016-06-27 23:52:39 +03:00
Alan Orth	1254cea195	roles/nginx: Replace "&" with "and"	2016-06-27 19:13:20 +03:00
Alan Orth	ebf79c5b07	roles/nginx: Add missing nginx tag The creation of the fastcgi cache dir is part of the nginx role and should be labled as such. In situations where you only run nginx tasks with `-t nginx` nginx will fail to start due to the missing cache dir.	2016-04-15 12:29:35 +03:00
Alan Orth	6a3b8f0918	Update some bare variables in with_items loops to use Ansible 2.0 syntax See: https://docs.ansible.com/ansible/porting_guide_2.0.html Signed-off-by: Alan Orth <alan.orth@gmail.com>	2016-03-11 18:53:07 +02:00
Alan Orth	940b2720da	Rename nginx_* variables underneath nginx_vhosts It's just deduplication, since it's already obvious that the dict is for nginx-related vars: - nginx_domain_name→domain_name - nginx_domain_aliases→domain_aliases - nginx_enable_https→enable_https - nginx_enable_hsts→enable_hsts Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:25:44 +02:00
Alan Orth	41547defb9	Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts Everything is TLS now (whether self-signed or not), so it's pointless to distinguish. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-10 00:14:47 +02:00
Alan Orth	7b9536838c	roles/nginx: Move nginx tls_vhosts.yml to vhosts.yml Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:56:50 +02:00
Alan Orth	dc5c09036c	Change pattern from nginx_tls_vhosts→nginx_vhosts All hosts should have TLS now, whether self-signed "snakeoil" certs or otherwise. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-09 23:54:18 +02:00
Alan Orth	4507e20155	roles/nginx: Change owner/group of WordPress folder to nginx after cloning Otherwise stuff like theme and plugin installs won't work. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-12-08 16:58:54 +02:00
Alan Orth	c0431d4247	Switch HTTPS vhosts to Let's Encrypt certificates For now I generated the certs manually, but in the future the play- book should run the letsencrypt-auto client for us! Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-11-07 20:53:39 +03:00
Alan Orth	9c70ab29e3	roles/nginx: Rename nginx sources.list template Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-08-23 13:24:43 +03:00
Alan Orth	78cb49c88b	roles/nginx: Add missing nginx tag to blank vhost task Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:07:50 +03:00
Alan Orth	151fb29687	roles/nginx: Add blank vhost For security and predictability clients should only get a reponse if they request a hostname we are actually hosting. If TLS is in use then this will use a self-signed snakeoil cert for an HTTPS-enabled blank, default vhost. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-06 00:07:50 +03:00
Alan Orth	fe765f5d3a	roles/nginx: Fix TLS cert loop to use the current item Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-01 14:46:06 +03:00
Alan Orth	4b74964963	roles/nginx: Do a shallow clone of WordPress git I realized there was no need to do a full clone when I was working in a Vagrant environment in a coffee shop with slow Internet. ;) Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-06-01 14:32:05 +03:00
Alan Orth	3746e798b6	roles/nginx: Use template for nginx repo A template is better than ansible's `apt_repository` module because we can idempotently control the contents of the file based on vari- ables. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-05-25 00:15:49 +03:00
Alan Orth	e675b750c4	roles/nginx: Switch to nginx stable branch Remove old mainline repo and add stable repo to get nginx 1.8.0. See: http://nginx.org/en/CHANGES-1.8 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-04-23 14:52:22 +03:00
Alan Orth	4602f03bed	roles/nginx: Fix comment in main task Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-03-25 12:59:10 +03:00
Alan Orth	1174db87bc	roles/nginx: Add task to clone WordPress git Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-02-26 17:39:17 +03:00
Alan Orth	b93da27fde	roles/nginx: Create fastcgi cache dir Or else nginx doesn't start. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-02-19 18:49:39 +03:00
Alan Orth	0b90bad6a9	roles/nginx: Add fastcgi caching Bypasses caching for logged in users (right now only for sessions where the "wordpress_logged_in" cookie is set. Doubles the trans- actions per second as measured by siege: $ siege -d1 -t1M -c50 https://mjanja.ch Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-02-10 23:04:28 +03:00
Alan Orth	4ea152bf51	roles/nginx: Add HTTP headers for web application security See: https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/directive-only/extra-security.conf See: https://www.owasp.org/index.php/List_of_useful_HTTP_headers Signed-off-by: Alan Orth <alan.orth@gmail.com>	2015-01-24 13:05:42 +03:00
Alan Orth	d04293a664	roles/nginx: Set nginx state to 'latest' in apt This way we can upgrade nginx simply by running the nginx tags. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-12-02 18:48:11 +03:00
Alan Orth	956fbefc1a	roles/nginx: Switch to nginx mainline (1.7) Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-11-07 01:02:44 +03:00
Alan Orth	08a920d0cb	Revert "roles/nginx: Ingenius use of YAML hashes to derive TLS key from another file" This reverts commit `59b9bd70b8`. Might not be so ingenious. Can't get this to work anymore...	2014-10-27 21:16:43 +03:00
Alan Orth	59b9bd70b8	roles/nginx: Ingenius use of YAML hashes to derive TLS key from another file This is kinda crazy, but makes the host_vars much easier to read. Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-10-11 15:42:44 +03:00
Alan Orth	d06ddf8a81	roles/nginx: Update TLS vhost task for Ansible > 1.7.1 Seems there is some YAML sublety that causes this syntax to insert double spaces on the destination file... using native YAML hashes are a workaround, see GitHub issues: https://github.com/ansible/ansible/issues/9067 https://github.com/ansible/ansible/issues/9172 Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-10-09 20:57:24 +03:00
Alan Orth	e6ffdf8652	roles/nginx: Update nginx https stuff - re-organize tls vhost configuration - copy TLS cert from host_vars directly to file Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-09-13 23:16:54 +03:00
Alan Orth	5bbec6716c	roles/nginx: Use template to configure nginx vhosts Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-08-27 20:03:34 +03:00
Alan Orth	ff95a34605	roles/nginx: Add vim modeline to main.yml Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-08-27 20:00:42 +03:00
Alan Orth	60b8ecdd4c	Initial commit Signed-off-by: Alan Orth <alan.orth@gmail.com>	2014-08-17 00:35:57 +03:00

1 2

85 Commits