nginx: ansible-lint fixes

Timo Makinen 2022-10-30 16:32:45 +00:00
parent e65fc46d5b
commit 0745d3a635
3 changed files with 57 additions and 58 deletions


@ -1,6 +1,5 @@
---
- name: restart nginx
service:
- name: Restart nginx
ansible.builtin.service:
name: nginx
state: restarted


@ -1,9 +1,9 @@
---
- name: include os-specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: Include OS-specific variables
ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: enable nginx:120 module
command:
- name: Enable nginx:120 module
ansible.builtin.command:
argv:
- dnf
- module
@ -17,19 +17,19 @@
- ansible_distribution != "Fedora"
- ansible_distribution_major_version|int >= 8
- name: install packages
package:
- name: Install packages
ansible.builtin.package:
name: nginx
state: installed
- name: fix selinux contexts from data directory
sefcontext:
- name: Fix selinux contexts from data directory
community.general.sefcontext:
path: /srv/web(/.*)?
setype: httpd_sys_content_t
when: ansible_selinux_python_present
- name: create nginx data and config directories
file:
- name: Create nginx data and config directories
ansible.builtin.file:
state: directory
path: "{{ item }}"
mode: 0755
@ -42,8 +42,8 @@
- "/srv/web/{{ inventory_hostname }}"
- "/etc/nginx/conf.d/{{ inventory_hostname }}"
- name: create nginx base config
template:
- name: Create nginx base config
ansible.builtin.template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: 0644
@ -51,16 +51,16 @@
group: "{{ ansible_wheel }}"
notify: restart nginx
- name: fix logdir permissions
file:
- name: Fix logdir permissions
ansible.builtin.file:
path: "{{ nginx_logdir }}"
state: directory
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
- name: disable system log rotate
lineinfile:
- name: Disable system log rotate
ansible.builtin.lineinfile:
path: /etc/newsyslog.conf
state: absent
regexp: '^/var/www/logs/{{ item }}\s+.*'
@ -69,8 +69,8 @@
- error.log
when: ansible_os_family == "OpenBSD"
- name: install custom logrotate
template:
- name: Install custom logrotate
ansible.builtin.template:
dest: /usr/local/sbin/nginx-logrotate
src: nginx-logrotate.sh
mode: 0755
@ -78,16 +78,16 @@
group: "{{ ansible_wheel }}"
when: ansible_os_family == "OpenBSD"
- name: add logrotate cron job
cron:
- name: Add logrotate cron job
ansible.builtin.cron:
name: nginx-logrotate
hour: "0"
minute: "0"
job: /usr/local/sbin/nginx-logrotate
when: ansible_os_family == "OpenBSD"
- name: set logdir permissions
file:
- name: Set logdir permissions
ansible.builtin.file:
path: /var/log/nginx
mode: 0755
owner: root
@ -96,8 +96,8 @@
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
- name: set logfile permissions
lineinfile:
- name: Set logfile permissions
ansible.builtin.lineinfile:
path: /etc/logrotate.d/nginx
regexp: '^\s+create '
line: " create 0644 nginx root"
@ -105,8 +105,8 @@
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
- name: import sftpuser role
import_role:
- name: Import sftpuser role
ansible.builtin.import_role:
name: sftpuser
vars:
chroot: "{{ nginx_logdir }}"
@ -114,26 +114,26 @@
publickeys: "{{ logsync_publickeys }}"
# https://bugzilla.redhat.com/show_bug.cgi?id=1725248
- block:
- name: create drop-in directory for service
file:
dest: /etc/systemd/system/nginx.service.d
state: directory
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
- name: configure service startup dependencies
copy:
dest: /etc/systemd/system/nginx.service.d/dependency.conf
src: dependency.conf
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: Create drop-in directory for service
ansible.builtin.file:
dest: /etc/systemd/system/nginx.service.d
state: directory
mode: 0755
owner: root
group: "{{ ansible_wheel }}"
when: ansible_os_family == "RedHat"
- name: enable nginx service
service:
- name: Configure service startup dependencies
ansible.builtin.copy:
dest: /etc/systemd/system/nginx.service.d/dependency.conf
src: dependency.conf
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
when: ansible_os_family == "RedHat"
- name: Enable nginx service
ansible.builtin.service:
name: nginx
arguments: -u
state: started
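Review bot: The `notify: restart nginx` on the "Create nginx base config" task appears only once, as an unchanged context line in the `-51,16` hunk, while this commit renames the handler to `Restart nginx` in the handlers file. Handler names are matched as written, so if that line really was left in lower case, a change to /etc/nginx/nginx.conf would end in a handler-not-found error instead of a restart, and the old configuration would keep running. It should become `notify: Restart nginx`, as was done for the site tasks. The task begins in the previous hunk and one line of it falls between the two hunks, so this is worth confirming against the full file.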


@ -1,6 +1,6 @@
---
- name: "create site data directory for {{ site }}"
file:
- name: "Create site data directory for {{ site }}"
ansible.builtin.file:
path: "/srv/web/{{ site }}"
state: directory
mode: 0755
@ -8,17 +8,17 @@
group: "{{ ansible_wheel }}"
when: redirect is not defined and proxy is not defined
- name: "create site config for {{ site }}"
template:
- name: "Create site config for {{ site }}"
ansible.builtin.template:
dest: /etc/nginx/conf.d/{{ site }}.conf
src: site.conf.j2
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
notify: restart nginx
notify: Restart nginx
- name: "copy site private key for {{ site }}"
copy:
- name: "Copy site private key for {{ site }}"
ansible.builtin.copy:
dest: "{{ tls_private }}/{{ site }}.key"
src: "{{ item }}"
mode: 0600
@ -29,10 +29,10 @@
- "/srv/ca/private/{{ site }}.key"
- "/srv/ca/private/{{ inventory_hostname }}.key"
tags: certificates
notify: restart nginx
notify: Restart nginx
- name: "copy site certificate for {{ site }}"
copy:
- name: "Copy site certificate for {{ site }}"
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ tls_certs }}/{{ site }}-fullchain.crt"
mode: 0644
@ -44,4 +44,4 @@
- "/srv/ca/certs/hosts/{{ site }}.crt"
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
tags: certificates
notify: restart nginx
notify: Restart nginx
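Review bot: The "Copy site private key" task writes `{{ tls_private }}/{{ site }}.key` through `ansible.builtin.copy`, and the visible lines set neither `no_log` nor `diff`, so a run with `--diff` could print key material to the terminal or a CI log. Unless one of them is already set in the task lines between the two hunks, which are not shown, I would add `diff: false` (or `no_log: true`) to that task. Separately, `mode: 0600` and `mode: 0644` are bare octal literals that depend on YAML 1.1 integer parsing. Quoting them as `mode: "0600"` keeps the intended permission explicit regardless of the parser.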