diff options
author | Jonas Gunz <himself@jonasgunz.de> | 2023-09-01 01:27:09 +0200 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2023-09-01 01:27:09 +0200 |
commit | 347803f5a811972c719b09999d4d2b5e9e32e3eb (patch) | |
tree | cd7c5705426ae0ff8a41e84418c5407fbc1ec810 /roles | |
parent | 7ad67630c40c0669cc1c140ff2d42311fb780b47 (diff) | |
download | ansible_collection-347803f5a811972c719b09999d4d2b5e9e32e3eb.tar.gz |
new nginx role
Diffstat (limited to 'roles')
-rw-r--r-- | roles/nginx/Readme.md | 34 | ||||
-rw-r--r-- | roles/nginx/defaults/main.yml | 10 | ||||
-rw-r--r-- | roles/nginx/handlers/main.yml | 7 | ||||
-rw-r--r-- | roles/nginx/tasks/main.yml | 52 | ||||
-rw-r--r-- | roles/nginx/templates/nginx.conf.j2 | 18 | ||||
-rw-r--r-- | roles/nginx_reverse_proxy/Readme.md | 2 |
6 files changed, 123 insertions, 0 deletions
diff --git a/roles/nginx/Readme.md b/roles/nginx/Readme.md new file mode 100644 index 0000000..d9d648d --- /dev/null +++ b/roles/nginx/Readme.md @@ -0,0 +1,34 @@ +# nginx + +Simple role for configuring nginx servers. +The yaml keys and values are converted to raw nginx files. +See example + +```yml +--- +nginx: + servers: + default: + listen: 443 ssl + server_name: '{{ ansible_facts.fqdn }}' + ssl_certificate: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem' + ssl_certificate_key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key' + 'location /': + proxy_pass: http://localhost:8080 +``` + +Produces + +```nginx +# vi: ft=nginx +# This file is managed by Ansible. DO NOT CHANGE! +server { + listen 443 ssl; + server_name hostname; + ssl_certificate /etc/ssl/certs/hostname.pem; + ssl_certificate_key /etc/ssl/private/hostname.key; + location / { + proxy_pass http://localhost:8080; + } +} +``` diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml new file mode 100644 index 0000000..bb9a0ea --- /dev/null +++ b/roles/nginx/defaults/main.yml @@ -0,0 +1,10 @@ +--- +nginx: + servers: + default: + listen: 443 ssl + server_name: '{{ ansible_facts.fqdn }}' + ssl_certificate: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem' + ssl_certificate_key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key' + 'location /': + proxy_pass: http://localhost:8080 diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..6ec4482 --- /dev/null +++ b/roles/nginx/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: restart nginx + systemd: + name: nginx + enabled: true + state: restarted + become: true diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml new file mode 100644 index 0000000..f2e4c7a --- /dev/null +++ b/roles/nginx/tasks/main.yml @@ -0,0 +1,52 @@ +--- +- name: Install packages + apt: + name: + - nginx + become: true + +- name: Install site config + template: + src: nginx.conf.j2 + dest: '/etc/nginx/sites-available/{{ item.key }}' + become: true + with_dict: '{{ nginx.servers }}' + notify: + - restart nginx + +- name: Enable sites + file: + src: '/etc/nginx/sites-available/{{ item.key }}' + dest: '/etc/nginx/sites-enabled/{{ item.key }}' + state: link + become: true + with_dict: '{{ nginx.servers }}' + notify: + - restart nginx + +- name: Find old site links + find: + paths: '/etc/nginx/sites-enabled/' + excludes: '{{ nginx.servers.keys() }}' + file_type: link + depth: false + become: true + register: links_to_delete + +- name: Find old site files + find: + paths: '/etc/nginx/sites-available/' + excludes: '{{ nginx.servers.keys() }}' + file_type: file + depth: false + become: true + register: files_to_delete + +- name: Delete old site files and links + file: + path: "{{ item.path }}" + state: absent + with_items: "{{ links_to_delete.files + files_to_delete.files }}" + become: true + notify: + - restart nginx diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 new file mode 100644 index 0000000..875003b --- /dev/null +++ b/roles/nginx/templates/nginx.conf.j2 @@ -0,0 +1,18 @@ +# vi: ft=nginx +# This file is managed by Ansible. DO NOT CHANGE! + +{%- macro add_tabs(n) %}{% for i in range(n) %} {%endfor%}{% endmacro %} +{% macro procval(key, val, tabs) -%} +{% if val is mapping %}{{ add_tabs(tabs) }}{{ key }} { +{% for k, v in val.items() %}{{ procval(k,v,tabs+1) }} +{{ add_tabs(tabs) }}{% endfor -%} } +{%- else -%} +{{ add_tabs(tabs) }}{{ key }} {{ val }}; +{%- endif -%} +{% endmacro %} + +server { +{% for key in item.value -%} +{{ procval(key, item.value[key], 1) }} +{% endfor -%} +} diff --git a/roles/nginx_reverse_proxy/Readme.md b/roles/nginx_reverse_proxy/Readme.md index 8c3c735..8688896 100644 --- a/roles/nginx_reverse_proxy/Readme.md +++ b/roles/nginx_reverse_proxy/Readme.md @@ -1,5 +1,7 @@ # nginx_reverse_proxy +Deprecated. Use `nginx` instead. + Small reverse proxy for local HTTPS proxieing. ```yml |