authorGravatar Jonas Gunz <himself@jonasgunz.de> 2023-09-01 01:27:09 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2023-09-01 01:27:09 +0200
commit347803f5a811972c719b09999d4d2b5e9e32e3eb (patch)
treecd7c5705426ae0ff8a41e84418c5407fbc1ec810 /roles
parent7ad67630c40c0669cc1c140ff2d42311fb780b47 (diff)
downloadansible_collection-347803f5a811972c719b09999d4d2b5e9e32e3eb.tar.gz
new nginx role
Diffstat (limited to 'roles')
-rw-r--r--roles/nginx/Readme.md34
-rw-r--r--roles/nginx/defaults/main.yml10
-rw-r--r--roles/nginx/handlers/main.yml7
-rw-r--r--roles/nginx/tasks/main.yml52
-rw-r--r--roles/nginx/templates/nginx.conf.j218
-rw-r--r--roles/nginx_reverse_proxy/Readme.md2
6 files changed, 123 insertions, 0 deletions
diff --git a/roles/nginx/Readme.md b/roles/nginx/Readme.md
new file mode 100644
index 0000000..d9d648d
--- /dev/null
+++ b/roles/nginx/Readme.md
@@ -0,0 +1,34 @@
+# nginx
+
+Simple role for configuring nginx servers.
+The yaml keys and values are converted to raw nginx files.
+See example
+
+```yml
+---
+nginx:
+ servers:
+ default:
+ listen: 443 ssl
+ server_name: '{{ ansible_facts.fqdn }}'
+ ssl_certificate: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem'
+ ssl_certificate_key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key'
+ 'location /':
+ proxy_pass: http://localhost:8080
+```
+
+Produces
+
+```nginx
+# vi: ft=nginx
+# This file is managed by Ansible. DO NOT CHANGE!
+server {
+ listen 443 ssl;
+ server_name hostname;
+ ssl_certificate /etc/ssl/certs/hostname.pem;
+ ssl_certificate_key /etc/ssl/private/hostname.key;
+ location / {
+ proxy_pass http://localhost:8080;
+ }
+}
+```
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..bb9a0ea
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+nginx:
+ servers:
+ default:
+ listen: 443 ssl
+ server_name: '{{ ansible_facts.fqdn }}'
+ ssl_certificate: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem'
+ ssl_certificate_key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key'
+ 'location /':
+ proxy_pass: http://localhost:8080
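Review bot: The role default in `nginx.servers.default` publishes `localhost:8080` on port 443 for any host that applies the role without overriding `nginx`, and it references a certificate and key under `/etc/ssl` that nothing in this commit creates. A host without that key pair would likely fail the nginx restart, and a host that has it exposes whatever happens to listen on 8080. Consider shipping `servers: {}` as the default and keeping this block only as the Readme example, so a site exists only where the inventory asks for one. With an empty dict the cleanup tasks in tasks/main.yml would remove every existing site, which should then be stated in the Readme.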
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..6ec4482
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: restart nginx
+ systemd:
+ name: nginx
+ enabled: true
+ state: restarted
+ become: true
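Review bot: The `restart nginx` handler restarts the service without testing the configuration first, so a value in `nginx.servers` that renders to invalid syntax stops nginx instead of leaving the previous configuration running. A check handler that listens on the same topic and is defined before it would make the play fail ahead of the restart, since handlers run in the order they appear in this file. `state: reloaded` would additionally avoid dropping connections on every site change, if a full restart is not actually required.

```yaml
- name: validate nginx config
  command: nginx -t
  changed_when: false
  become: true
  listen: restart nginx

- name: restart nginx
  # … unchanged: systemd restart …
```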
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..f2e4c7a
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: Install packages
+ apt:
+ name:
+ - nginx
+ become: true
+
+- name: Install site config
+ template:
+ src: nginx.conf.j2
+ dest: '/etc/nginx/sites-available/{{ item.key }}'
+ become: true
+ with_dict: '{{ nginx.servers }}'
+ notify:
+ - restart nginx
+
+- name: Enable sites
+ file:
+ src: '/etc/nginx/sites-available/{{ item.key }}'
+ dest: '/etc/nginx/sites-enabled/{{ item.key }}'
+ state: link
+ become: true
+ with_dict: '{{ nginx.servers }}'
+ notify:
+ - restart nginx
+
+- name: Find old site links
+ find:
+ paths: '/etc/nginx/sites-enabled/'
+ excludes: '{{ nginx.servers.keys() }}'
+ file_type: link
+ depth: false
+ become: true
+ register: links_to_delete
+
+- name: Find old site files
+ find:
+ paths: '/etc/nginx/sites-available/'
+ excludes: '{{ nginx.servers.keys() }}'
+ file_type: file
+ depth: false
+ become: true
+ register: files_to_delete
+
+- name: Delete old site files and links
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ links_to_delete.files + files_to_delete.files }}"
+ become: true
+ notify:
+ - restart nginx
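Review bot: The cleanup in `Find old site links` and `Find old site files` feeds a root-run delete of everything in `sites-enabled` and `sites-available` that `excludes` does not match, so the exclude list is the only thing protecting the sites this play has just installed, and files placed there by packages or other roles are removed as well. `nginx.servers.keys()` is a dict view and, depending on the Ansible and Python versions, may not be templated as a plain list; `excludes: '{{ nginx.servers.keys() | list }}'` makes that explicit in both tasks. `find` treats each entry as a shell-style pattern by default, so a server key containing glob characters would also spare unrelated files. Separately, `depth: false` only has an effect together with `recurse`, which is not set, so it can be dropped.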
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 0000000..875003b
--- /dev/null
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,18 @@
+# vi: ft=nginx
+# This file is managed by Ansible. DO NOT CHANGE!
+
+{%- macro add_tabs(n) %}{% for i in range(n) %} {%endfor%}{% endmacro %}
+{% macro procval(key, val, tabs) -%}
+{% if val is mapping %}{{ add_tabs(tabs) }}{{ key }} {
+{% for k, v in val.items() %}{{ procval(k,v,tabs+1) }}
+{{ add_tabs(tabs) }}{% endfor -%} }
+{%- else -%}
+{{ add_tabs(tabs) }}{{ key }} {{ val }};
+{%- endif -%}
+{% endmacro %}
+
+server {
+{% for key in item.value -%}
+{{ procval(key, item.value[key], 1) }}
+{% endfor -%}
+}
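Review bot: `procval` writes every non-mapping value with `{{ val }}`, so a YAML boolean or list reaches the generated file as its Python representation. Ansible parses unquoted `on`/`off`/`yes`/`no` as booleans, so a variable such as `gzip: on` would presumably render as `gzip True;` and fail at the next restart, and a list (the natural way to express a repeated directive) would render as `['a', 'b']`. Either state in the Readme that such values must be quoted strings, or map booleans in the else branch, e.g. `{{ key }} {{ 'on' if val is sameas true else 'off' if val is sameas false else val }};`. The macros would also benefit from a `{# ... #}` comment explaining the `tabs` argument and the whitespace-control markers, since the output layout depends on them.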
diff --git a/roles/nginx_reverse_proxy/Readme.md b/roles/nginx_reverse_proxy/Readme.md
index 8c3c735..8688896 100644
--- a/roles/nginx_reverse_proxy/Readme.md
+++ b/roles/nginx_reverse_proxy/Readme.md
@@ -1,5 +1,7 @@
# nginx_reverse_proxy
+Deprecated. Use `nginx` instead.
+
Small reverse proxy for local HTTPS proxieing.
```yml