ansible/roles/nginx/tasks/main.yml


---
# Load the vars file whose name is built from the host's OS family fact
# ("<ansible_os_family>.yml").
# NOTE(review): the file name comes from a fact reported by the managed host;
# presumably a vars file exists for every supported family. Confirm, since a
# missing file makes this task fail.
- name: Include OS-specific variables
  ansible.builtin.include_vars:
    file: "{{ ansible_os_family }}.yml"
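# Enable the nginx:1.24 dnf module stream. Runs only on RedHat-family hosts
# with major version >= 9 that are not Fedora.
# The command is passed as argv, so no shell parses it.
# `creates` skips the command once /etc/dnf/modules.d/nginx.module exists.
# NOTE(review): `creates` only tests for the file, not for which stream it
# records. A host with another nginx stream already enabled would be skipped;
# verify that this is acceptable.
- name: Enable nginx:1.24 module
  ansible.builtin.command:
    argv:
      - dnf
      - module
      - "-y"
      - enable
      - "nginx:1.24"
    creates: /etc/dnf/modules.d/nginx.module
  notify: Restart nginx
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version | int >= 9
    - ansible_distribution != "Fedora"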
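# Install nginx through the platform's package manager.
# `present` is the state accepted by every package backend; `installed` is
# only an alias on some of them, so `present` keeps the task portable.
- name: Install packages
  ansible.builtin.package:
    name: nginx
    state: present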
# Register an SELinux file-context rule labelling /srv/web and everything
# below it as httpd_sys_content_t. Skipped unless the
# ansible_selinux_python_present fact is true.
# NOTE(review): this records the rule in the policy; per the module
# documentation, files that already exist are not relabelled. Confirm that
# pre-existing content under /srv/web is relabelled some other way.
- name: Fix selinux contexts from data directory
  community.general.sefcontext:
    setype: httpd_sys_content_t
    path: '/srv/web(/.*)?'
  when: ansible_selinux_python_present
# Create the shared web root plus the per-host data and config directories.
# All are owned by root, with the group taken from the ansible_wheel variable
# (defined outside this file) and mode 0755, so only root can write to them.
# seuser/setype `_default` ask the file module to apply the SELinux policy's
# default for each path.
- name: Create nginx data and config directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
    seuser: _default
    setype: _default
  loop:
    - /srv/web
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/nginx/conf.d/{{ inventory_hostname }}"
# Render the main nginx configuration from nginx.conf.j2 and restart nginx
# when the rendered file changes.
# The file is world-readable (0644) and writable only by root.
# NOTE(review): presumably the template holds no secrets; confirm, since any
# local user can read the result.
- name: Create nginx base config
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
  notify: Restart nginx
# Create the systemd drop-in directory for nginx.service on RedHat-family
# hosts. It is owned by root and not writable by others.
# Background: https://bugzilla.redhat.com/show_bug.cgi?id=1725248
- name: Create drop-in directory for service
  ansible.builtin.file:
    path: /etc/systemd/system/nginx.service.d
    state: directory
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
  when: ansible_os_family == "RedHat"
# Install the dependency.conf drop-in for nginx.service on RedHat-family
# hosts.
# NOTE(review): this task notifies no handler. systemd normally needs a
# daemon-reload before it honours a changed drop-in; confirm that this is
# handled elsewhere in the role or play.
- name: Configure service startup dependencies
  ansible.builtin.copy:
    src: dependency.conf
    dest: /etc/systemd/system/nginx.service.d/dependency.conf
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
  when: ansible_os_family == "RedHat"
# OpenBSD only: comment out the /var/www/logs/ entries in /etc/newsyslog.conf.
# The regexp is anchored at line start, so lines already commented out no
# longer match and the task is idempotent.
- name: Disable web logs from newsyslog
  ansible.builtin.replace:
    path: /etc/newsyslog.conf
    regexp: '^/var/www/logs/'
    replace: '#/var/www/logs/'
  when: ansible_system == "OpenBSD"
# OpenBSD only: install the role's nginx-logrotate.sh as
# /usr/local/bin/nginx-logrotate.
# The script is executable by everyone but writable only by root (0755,
# owner root). This matters because a cron job runs it.
- name: Install logrotate script
  ansible.builtin.copy:
    src: nginx-logrotate.sh
    dest: /usr/local/bin/nginx-logrotate
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
  when: ansible_system == "OpenBSD"
# OpenBSD only: run /usr/local/bin/nginx-logrotate daily at 00:00.
# hour and minute are quoted so they stay strings.
# NOTE(review): no `user` is given, so the entry goes into the crontab of the
# user the task runs as. Presumably that is root via become; confirm.
- name: Add logrotate cron job
  ansible.builtin.cron:
    name: nginx-logrotate
    job: /usr/local/bin/nginx-logrotate
    minute: "0"
    hour: "0"
  when: ansible_system == "OpenBSD"
# Start nginx and enable it at boot.
# `arguments` renders to "-u" on OpenBSD and to an empty string elsewhere.
# NOTE(review): on OpenBSD's nginx package, -u presumably disables the default
# chroot. Confirm that this is intended, since it removes a containment layer
# around the web server.
- name: Enable nginx service
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started
    arguments: "{% if ansible_system == 'OpenBSD' %}-u{% endif %}"