From 7bfd83f83d99e84e0d7c671649dcdabb7e70818c Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 23 Dec 2017 12:30:23 +0100
Subject: [PATCH] refactoring and cleanup
---
tasks/install.yml | 180 ++++++++++++++++++++++++----------------------
1 file changed, 93 insertions(+), 87 deletions(-)
diff --git a/tasks/install.yml b/tasks/install.yml
index 4a78eba..14db839 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,95 +1,96 @@ --- -- name: - yum_repository: - name: nginx - file: nginx - description: NGINX High Performance Web Server - baseurl: "http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/" - gpgkey: https://nginx.org/keys/nginx_signing.key - gpgcheck: yes +- block: + - name: + yum_repository: + name: nginx + file: nginx + description: NGINX High Performance Web Server + baseurl: "http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/" + gpgkey: https://nginx.org/keys/nginx_signing.key + gpgcheck: yes -- name: Installing nginx - yum: - name: nginx - state: installed + - name: Installing nginx + yum: + name: nginx + state: installed -- name: Prepare vhost directories - file: - path: '{{ item }}' - state: directory - owner: nginx - group: nginx - mode: 0750 - with_items: - - /var/www/vhosts - - /var/www/vhosts/default + - name: Prepare vhost directories + file: + path: '{{ item }}' + state: directory + owner: nginx + group: nginx + mode: 0750 + with_items: + - /var/www/vhosts + - /var/www/vhosts/default -- name: Prepare nginx directories - file: - path: '{{ item }}' - state: directory - owner: root - group: root - mode: 0640 - with_items: - - /etc/nginx/sites-available - - /etc/nginx/sites-enabled + - name: Prepare nginx directories + file: + path: '{{ item }}' + state: directory + owner: root + group: root + mode: 0640 + with_items: + - /etc/nginx/sites-available + - /etc/nginx/sites-enabled -- name: Add default page - template: - src: 'var/www/vhosts/default/index.html.j2' - dest: '/var/www/vhosts/default/index.html' - owner: nginx - group: nginx - mode: 0750 + - name: Update nginx.conf + template: + src: 'etc/nginx/nginx.conf.j2' + dest: '/etc/nginx/nginx.conf' + owner: root + group: root + mode: 0640 + notify: + - nginx_reload -- name: Update nginx.conf - template: - src: 'etc/nginx/nginx.conf.j2' - dest: '/etc/nginx/nginx.conf' - owner: root - group: root - mode: 0640 - notify: - - nginx_reload + - 
name: Update conf.d files + template: + src: 'etc/nginx/conf.d/{{ item }}.j2' + dest: '/etc/nginx/conf.d/{{ item }}' + owner: root + group: root + mode: 0640 + with_items: + - header.conf + - tls.conf + notify: + - nginx_reload -- name: Update conf.d files - template: - src: 'etc/nginx/conf.d/{{ item }}.j2' - dest: '/etc/nginx/conf.d/{{ item }}' - owner: root - group: root - mode: 0640 - with_items: - - header.conf - - tls.conf - notify: - - nginx_reload + - name: Remove default.conf from conf.d + file: + path: /etc/nginx/conf.d/default.conf + state: absent -- name: Remove default.conf from conf.d - file: - path: /etc/nginx/conf.d/default.conf - state: absent + - name: Add default page config + template: + src: 'etc/nginx/sites-available/default.j2' + dest: '/etc/nginx/sites-available/default' + owner: root + group: root + mode: 0640 + notify: + - nginx_reload -- name: Add default page config - template: - src: 'etc/nginx/sites-available/default.j2' - dest: '/etc/nginx/sites-available/default' - owner: root - group: root - mode: 0640 - notify: - - nginx_reload + - name: Enable default page + file: + src: /etc/nginx/sites-available/default + dest: /etc/nginx/sites-enabled/default + owner: root + group: root + state: link + notify: + - nginx_reload -- name: Enable default page - file: - src: /etc/nginx/sites-available/default - dest: /etc/nginx/sites-enabled/default - owner: root - group: root - state: link - notify: - - nginx_reload + - name: Open ports in iptables + iptables_raw: + name: allow_nginx_ports + state: present + rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports|join(",") }} -j ACCEPT' + become: True + become_user: root - block: - name: Copy tls certificate 
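Review bot: The nginx repository task re-indented under the new block still uses a plain-HTTP `baseurl`, so repository metadata is fetched without transport integrity. `gpgcheck: yes` verifies the packages themselves but not the metadata, so an on-path party could serve stale metadata and keep the host on an outdated nginx build. The `gpgkey` line already uses HTTPS, so I would switch the base URL as well: `baseurl: "https://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/"`. Separately, `Prepare nginx directories` sets `mode: 0640` on directories, which drops the search bit. A quoted directory mode such as `mode: "0750"` is probably what was meant, but please confirm. The repository task also still has an empty `name:`, and something like `name: Add nginx yum repository` would make run output and audit logs readable.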
@@ -142,11 +143,16 @@ become_user: root when: nginx_pfs_enabled -- name: Open ports in iptables - iptables_raw: - name: allow_nginx_ports - state: present - rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports|join(",") }} -j ACCEPT' +- block: + - name: Add default page + template: + src: 'var/www/vhosts/default/index.html.j2' + dest: '/var/www/vhosts/default/index.html' + owner: nginx + group: nginx + mode: 0750 + become: True + become_user: nginx - name: Enable nginx service systemd:
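Review bot: The relocated `Add default page` task writes a static `index.html` with `mode: 0750`, which sets the execute bit on a file that only needs to be read by the nginx user. I would use `mode: "0640"`, quoted so the octal value cannot be retyped by a YAML parser. The new `become_user: nginx` also looks unnecessary, since the task already sets `owner: nginx` and `group: nginx`. Becoming an unprivileged user makes Ansible expose its temporary module files to that account, which can fall back to world-readable temp files on some hosts. Unless something outside this hunk requires the switch, running the task as root and leaving ownership to `owner`/`group` is the simpler and tighter option.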