tasks/main.yml - ansible/role/nginx - Gitiles

 ---
 # nginx tasks/main.yml
 #
 # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
 # SPDX-License-Identifier: Apache-2.0

 - name: include OS-specific vars
   include_vars: "{{ ansible_os_family }}.yml"

 - name: include OS-specific package repo updates
   include_tasks: "{{ ansible_os_family }}-repo.yml"
   when: nginx_add_package_repo | bool

 - name: include OS-specific tasks
   include_tasks: "{{ ansible_os_family }}.yml"

 - name: Create Static Virtualhost root directories
   when: >
     (item.proxy_pass is not defined or not item.proxy_pass) and
     (item.redirect_url is not defined)
   file:
     state: directory
     path: "{{ nginx_static_dir }}/{{ item.name }}"
     owner: "{{ item.owner | default('root') }}"
     group: "{{ nginx_groupname }}"
     mode: 0755
   with_items: "{{ vhosts }}"

 - name: Create directory for ACME challenges files
   file:
     state: directory
     path: "{{ acme_challenge_dir }}"
     owner: "{{ acme_username }}"
     group: "{{ nginx_groupname }}"
     mode: 0755

 - name: Create directory for auth_basic htpasswd files
   file:
     state: directory
     path: "{{ nginx_auth_basic_dir }}"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0750

 - name: Create auth_basic htpasswd files
   htpasswd:
     name: "{{ item.1.name }}"
     password: "{{ item.1.password }}"
     path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0640
     crypt_scheme: ldap_salted_sha1
   with_subelements:
     - "{{ auth_scopes }}"
     - users
   no_log: true

 # file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt
 - name: Copy over Mozilla-supplied dhparam config file
   copy:
     src: "ffdhe2048.txt"
     dest: "{{ nginx_conf_dir }}/dhparam"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0644

 # file from example on nginx wiki:
 #   https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
 - name: Copy over fastcgi_params config file
   copy:
     src: "fastcgi_params"
     dest: "{{ nginx_conf_dir }}/fastcgi_params"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0644

 - name: Global NGINX configuration from template
   template:
     src: "nginx.conf.j2"
     dest: "{{ nginx_conf_dir }}/nginx.conf"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0644
     backup: true
     #    validate: "nginx -t -c %s"
   notify:
     - test-nginx-config
     - reload-nginx

 # this is needed when using the NGINX apt repo, already exists in the
 # ubuntu/debian distro version
 - name: Create sites-available and sites-enabled directories
   file:
     state: directory
     path: "{{ nginx_conf_dir }}/{{ item }}"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0755
   with_items:
     - "sites-available"
     - "sites-enabled"

 - name: Create VirtualHost configurations from template
   template:
     src: "vhost.conf.j2"
     dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
     owner: root
     group: "{{ nginx_groupname }}"
     mode: 0644
     backup: true
   with_items: "{{ vhosts }}"
   notify:
     - test-nginx-config
     - reload-nginx

 - name: Disable default host
   file:
     state: absent
     path: "{{ nginx_conf_dir }}/sites-enabled/default"

 - name: Enable VirtualHosts via symlink
   file:
     state: link
     src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
     dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf"
     owner: root
     group: "{{ nginx_groupname }}"
   with_items: "{{ vhosts }}"
   notify:
     - test-nginx-config
     - reload-nginx

 - name: Flush handlers to reconfigure before dependent roles run (acme, etc.)
   meta: flush_handlers
	---
	# nginx tasks/main.yml
	#
	# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
	# SPDX-License-Identifier: Apache-2.0

	- name: include OS-specific vars
	include_vars: "{{ ansible_os_family }}.yml"

	- name: include OS-specific package repo updates
	include_tasks: "{{ ansible_os_family }}-repo.yml"
	when: nginx_add_package_repo \| bool

	- name: include OS-specific tasks
	include_tasks: "{{ ansible_os_family }}.yml"

	- name: Create Static Virtualhost root directories
	when: >
	(item.proxy_pass is not defined or not item.proxy_pass) and
	(item.redirect_url is not defined)
	file:
	state: directory
	path: "{{ nginx_static_dir }}/{{ item.name }}"
	owner: "{{ item.owner \| default('root') }}"
	group: "{{ nginx_groupname }}"
	mode: 0755
	with_items: "{{ vhosts }}"

	- name: Create directory for ACME challenges files
	file:
	state: directory
	path: "{{ acme_challenge_dir }}"
	owner: "{{ acme_username }}"
	group: "{{ nginx_groupname }}"
	mode: 0755

	- name: Create directory for auth_basic htpasswd files
	file:
	state: directory
	path: "{{ nginx_auth_basic_dir }}"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0750

	- name: Create auth_basic htpasswd files
	htpasswd:
	name: "{{ item.1.name }}"
	password: "{{ item.1.password }}"
	path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0640
	crypt_scheme: ldap_salted_sha1
	with_subelements:
	- "{{ auth_scopes }}"
	- users
	no_log: true

	# file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt
	- name: Copy over Mozilla-supplied dhparam config file
	copy:
	src: "ffdhe2048.txt"
	dest: "{{ nginx_conf_dir }}/dhparam"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0644

	# file from example on nginx wiki:
	# https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
	- name: Copy over fastcgi_params config file
	copy:
	src: "fastcgi_params"
	dest: "{{ nginx_conf_dir }}/fastcgi_params"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0644

	- name: Global NGINX configuration from template
	template:
	src: "nginx.conf.j2"
	dest: "{{ nginx_conf_dir }}/nginx.conf"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0644
	backup: true
	# validate: "nginx -t -c %s"
	notify:
	- test-nginx-config
	- reload-nginx

	# this is needed when using the NGINX apt repo, already exists in the
	# ubuntu/debian distro version
	- name: Create sites-available and sites-enabled directories
	file:
	state: directory
	path: "{{ nginx_conf_dir }}/{{ item }}"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0755
	with_items:
	- "sites-available"
	- "sites-enabled"

	- name: Create VirtualHost configurations from template
	template:
	src: "vhost.conf.j2"
	dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
	owner: root
	group: "{{ nginx_groupname }}"
	mode: 0644
	backup: true
	with_items: "{{ vhosts }}"
	notify:
	- test-nginx-config
	- reload-nginx

	- name: Disable default host
	file:
	state: absent
	path: "{{ nginx_conf_dir }}/sites-enabled/default"

	- name: Enable VirtualHosts via symlink
	file:
	state: link
	src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
	dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf"
	owner: root
	group: "{{ nginx_groupname }}"
	with_items: "{{ vhosts }}"
	notify:
	- test-nginx-config
	- reload-nginx

	- name: Flush handlers to reconfigure before dependent roles run (acme, etc.)
	meta: flush_handlers