138 lines
3.1 KiB
YAML
138 lines
3.1 KiB
YAML
---
|
||
- name: include os-specific variables
|
||
include_vars: "{{ ansible_os_family }}.yml"
|
||
|
||
- name: enable nginx:120 module
|
||
command:
|
||
argv:
|
||
- dnf
|
||
- module
|
||
- -y
|
||
- enable
|
||
- nginx:1.20
|
||
creates: /etc/dnf/modules.d/nginx.module
|
||
warn: false
|
||
when:
|
||
- ansible_os_family == "RedHat"
|
||
- ansible_distribution != "Fedora"
|
||
- ansible_distribution_major_version|int >= 8
|
||
|
||
- name: install packages
|
||
package:
|
||
name: nginx
|
||
state: installed
|
||
|
||
- name: fix selinux contexts from data directory
|
||
sefcontext:
|
||
path: /srv/web(/.*)?
|
||
setype: httpd_sys_content_t
|
||
when: ansible_selinux_python_present == true
|
||
- name: create nginx data and config directories
|
||
file:
|
||
state: directory
|
||
path: "{{ item }}"
|
||
mode: 0755
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
seuser: _default
|
||
setype: _default
|
||
with_items:
|
||
- /srv/web
|
||
- "/srv/web/{{ inventory_hostname }}"
|
||
- "/etc/nginx/conf.d/{{ inventory_hostname }}"
|
||
|
||
- name: create nginx base config
|
||
template:
|
||
src: nginx.conf.j2
|
||
dest: /etc/nginx/nginx.conf
|
||
mode: 0644
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
notify: restart nginx
|
||
|
||
- name: fix logdir permissions
|
||
file:
|
||
path: "{{ nginx_logdir }}"
|
||
state: directory
|
||
mode: 0755
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
|
||
- name: disable system log rotate
|
||
lineinfile:
|
||
path: /etc/newsyslog.conf
|
||
state: absent
|
||
regexp: '^/var/www/logs/{{ item }}\s+.*'
|
||
with_items:
|
||
- access.log
|
||
- error.log
|
||
when: ansible_os_family == "OpenBSD"
|
||
|
||
- name: install custom logrotate
|
||
template:
|
||
dest: /usr/local/sbin/nginx-logrotate
|
||
src: nginx-logrotate.sh
|
||
mode: 0755
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
when: ansible_os_family == "OpenBSD"
|
||
|
||
- name: add logrotate cron job
|
||
cron:
|
||
name: nginx-logrotate
|
||
hour: "0"
|
||
minute: "0"
|
||
job: /usr/local/sbin/nginx-logrotate
|
||
when: ansible_os_family == "OpenBSD"
|
||
|
||
- name: set logdir permissions
|
||
file:
|
||
path: /var/log/nginx
|
||
mode: 0755
|
||
owner: root
|
||
group: root
|
||
when:
|
||
- ansible_distribution == "CentOS"
|
||
- ansible_distribution_major_version == "7"
|
||
|
||
- name: set logfile permissions
|
||
lineinfile:
|
||
path: /etc/logrotate.d/nginx
|
||
regexp: '^\s+create '
|
||
line: " create 0644 nginx root"
|
||
when:
|
||
- ansible_distribution == "CentOS"
|
||
- ansible_distribution_major_version == "7"
|
||
|
||
- import_role:
|
||
name: sftpuser
|
||
vars:
|
||
chroot: "{{ nginx_logdir }}"
|
||
user: logsync
|
||
publickeys: "{{ logsync_publickeys }}"
|
||
|
||
# https://bugzilla.redhat.com/show_bug.cgi?id=1725248
|
||
- block:
|
||
- name: create drop-in directory for service
|
||
file:
|
||
dest: /etc/systemd/system/nginx.service.d
|
||
state: directory
|
||
mode: 0755
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
|
||
- name: configure service startup dependencies
|
||
copy:
|
||
dest: /etc/systemd/system/nginx.service.d/dependency.conf
|
||
src: dependency.conf
|
||
mode: 0644
|
||
owner: root
|
||
group: "{{ ansible_wheel }}"
|
||
when: ansible_os_family == "RedHat"
|
||
|
||
- name: enable nginx service
|
||
service:
|
||
name: nginx
|
||
arguments: -u
|
||
state: started
|
||
enabled: true
|