Alan Orth
1738507ee9
As of Ansible 2.4 and 2.5 the behavior for importing tasks has changed to introduce the notion of static imports and dynamic includes. If the tasks doing the import is using variable interpolation or conditionals then the task should be dynamic. This results in quicker playbook runs due to less importing of unneccessary tasks. One side effect of this is that child tasks of dynamic includes do not inherit their parents' tags so you must tag them explicitly or a block. Also, I had to move the letsencrypt tasks to the main task file so the tags were available (due to dynamic tasks not inheriting tags).
63 lines
1.7 KiB
YAML
63 lines
1.7 KiB
YAML
---
|
|
- name: Add nginx.org apt signing key
|
|
apt_key: id=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 url=https://nginx.org/keys/nginx_signing.key state=present
|
|
tags: nginx, packages
|
|
|
|
- name: Add nginx.org repo
|
|
template: src=nginx_org_sources.list.j2 dest=/etc/apt/sources.list.d/nginx_org_sources.list owner=root group=root mode=0644
|
|
tags: nginx, packages
|
|
|
|
- name: Install nginx
|
|
apt: pkg=nginx update_cache=yes state=present
|
|
tags: nginx, packages
|
|
|
|
- name: Copy nginx.conf
|
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0644 owner=root group=root
|
|
notify:
|
|
- reload nginx
|
|
tags: nginx
|
|
|
|
- name: Copy extra nginx configs
|
|
copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root
|
|
loop:
|
|
- extra-security.conf
|
|
- fastcgi_cache
|
|
notify:
|
|
- reload nginx
|
|
tags: nginx
|
|
|
|
- name: Remove default nginx vhost
|
|
file: path=/etc/nginx/conf.d/default.conf state=absent
|
|
tags: nginx
|
|
|
|
- name: Create fastcgi cache dir
|
|
file: path=/var/cache/nginx/cached/fastcgi state=directory owner=nginx group=nginx mode=0755
|
|
tags: nginx
|
|
|
|
- name: Configure nginx virtual hosts
|
|
include_tasks: vhosts.yml
|
|
when: nginx_vhosts is defined
|
|
tags: nginx
|
|
|
|
- name: Configure blank nginx vhost
|
|
template: src=blank-vhost.conf.j2 dest={{ nginx_confd_path }}/blank-vhost.conf mode=0644 owner=root group=root
|
|
notify:
|
|
- reload nginx
|
|
tags: nginx
|
|
|
|
- name: Configure munin vhost
|
|
copy: src=munin.conf dest=/etc/nginx/conf.d/munin.conf mode=0644 owner=root group=root
|
|
notify:
|
|
- reload nginx
|
|
tags: nginx
|
|
|
|
- name: Start and enable nginx service
|
|
systemd: name=nginx state=started enabled=yes
|
|
tags: nginx
|
|
|
|
- include_tasks: letsencrypt.yml
|
|
when: use_letsencrypt is defined and use_letsencrypt == True
|
|
tags: letsencrypt
|
|
|
|
# vim: set ts=2 sw=2:
|