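---
# Tasks that install and configure nginx: packages, data/config directories,
# base configuration, log rotation and service start-up.
# Everything written here is owned by root and not group/world-writable, so
# only root can alter the web server configuration or the rotation script.

- name: include os-specific variables
  include_vars: "{{ ansible_os_family }}.yml"

- name: install nginx packages
  package:
    name: nginx
    # `present` is the canonical state name and is accepted by every
    # package backend; `installed` is only an alias on some of them.
    state: present

# Registers the file-context rule only; sefcontext does not relabel files
# that already exist. It runs before the directories are created so that
# `setype: _default` in the next task can pick up this rule for /srv/web.
- name: fix selinux contexts from data directory
  sefcontext:
    path: /srv/web(/.*)?
    setype: httpd_sys_content_t
  when: ansible_selinux_python_present | bool

- name: create nginx data and config directories
  file:
    state: directory
    path: "{{ item }}"
    # Modes are quoted so they are always read as octal strings and never
    # re-typed by the YAML parser.
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    # `_default` asks for the user/type portion of the SELinux policy.
    seuser: _default
    setype: _default
  with_items:
    - /srv/web
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/nginx/conf.d/{{ inventory_hostname }}"

# NOTE(review): there is no `validate:` step, so a template that renders to
# a broken config is installed as-is and only fails when the handler
# restarts nginx — consider validating before the file is replaced.
- name: create nginx base config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart nginx

# Removes the newsyslog entries for the nginx logs on OpenBSD; rotation is
# handled by the custom script installed below instead.
- name: disable system log rotate
  lineinfile:
    path: /etc/newsyslog.conf
    state: absent
    regexp: '^/var/www/logs/{{ item }}\s+.*'
  with_items:
    - access.log
    - error.log
  when: ansible_os_family == "OpenBSD"

# The script is run from cron (next task), so it must stay root-owned and
# not writable by anyone else.
- name: install custom logrotate
  template:
    dest: /usr/local/sbin/nginx-logrotate
    src: nginx-logrotate.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# No `user:` is given, so the entry lands in the crontab of the account the
# play runs as — presumably root via become; confirm against the playbook.
- name: add logrotate cron job
  cron:
    name: nginx-logrotate
    hour: "0"
    minute: "0"
    job: /usr/local/sbin/nginx-logrotate

# systemd drop-in for the nginx unit, RedHat family only (see `when` at the
# end of the block).
# https://bugzilla.redhat.com/show_bug.cgi?id=1725248
- block:
    - name: create drop-in directory for service
      file:
        dest: /etc/systemd/system/nginx.service.d
        state: directory
        mode: "0755"
        owner: root
        group: "{{ ansible_wheel }}"

    - name: configure service startup dependencies
      copy:
        dest: /etc/systemd/system/nginx.service.d/dependency.conf
        src: dependency.conf
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
  when: ansible_os_family == "RedHat"

# NOTE(review): `-u` is passed on every OS family. On OpenBSD's nginx this
# flag has historically disabled the default chroot, which removes a
# confinement layer — confirm that is intended (the data lives in /srv/web)
# and that the flag is harmless on the other supported platforms.
- name: enable nginx service
  service:
    name: nginx
    arguments: -u
    state: started
    enabled: true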