dotfiles/roles/nginx/tasks/main.yml


---
# Pull in the package installation tasks from install.yml. The `install` tag
# lets this step be selected or skipped on its own.
- name: Packages
  tags: install
  ansible.builtin.include_tasks: install.yml
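# Ship the static proxy snippet as a root-owned file that only root can modify;
# a change triggers the "Restart nginx" handler.
- name: Install the proxy snippet
  ansible.builtin.copy:
    src: files/proxy.conf
    dest: /etc/nginx/proxy.conf
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  notify: Restart nginx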
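# Render the TLS snippet from its template; a change triggers the
# "Restart nginx" handler.
# NOTE(review): 0644 makes the rendered file world-readable. That is fine for
# directives and file paths, but assumes the template embeds no key material
# or credentials -- confirm against templates/ssl.conf.
- name: Install the SSL snippet
  ansible.builtin.template:
    src: templates/ssl.conf
    dest: /etc/nginx/ssl.conf
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  notify: Restart nginx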
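# Replace the main nginx.conf with the static copy shipped in this role; a
# change triggers the "Restart nginx" handler.
- name: Install the default config
  ansible.builtin.copy:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  notify: Restart nginx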
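# Render the HTTP configuration from its template; a change triggers the
# "Restart nginx" handler.
- name: Install the HTTP config
  ansible.builtin.template:
    src: templates/http.conf
    dest: /etc/nginx/http.conf
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  notify: Restart nginx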
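# Render me.conf into conf.d; a change triggers the "Restart nginx" handler.
# NOTE(review): judging by the task name this exposes something under a user's
# home directory over HTTP -- confirm the template limits what is served.
- name: Enable $HOME shortcut
  ansible.builtin.template:
    src: templates/me.conf
    dest: /etc/nginx/conf.d/me.conf
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  notify: Restart nginx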
# Persistently switch on the httpd_enable_homedirs SELinux boolean, but only
# on hosts whose gathered facts report SELinux as enabled.
# NOTE(review): this relaxes confinement for the whole httpd domain (which
# nginx normally runs in) with respect to users' home directories. It is
# presumably needed only for the $HOME shortcut in me.conf; leave it off on
# hosts that do not serve content from home directories.
- name: Allow httpd in homedirs in SELinux
  when: ansible_facts.selinux.status == 'enabled'
  ansible.posix.seboolean:
    name: httpd_enable_homedirs
    persistent: true
    state: true
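# Render one conf.d file per entry of nginx_reverse_proxy. Each entry is read
# for .domain, .upstream and .protocol, which are handed to the template as
# proxy_domain, proxy_upstream and proxy_protocol. A change triggers the
# "Restart nginx" handler.
- name: Enable reverse proxy
  ansible.builtin.template:
    src: templates/reverse_proxy.conf
    # NOTE(review): item.domain is interpolated into a path that is written as
    # root. This assumes every domain is a plain hostname with no "/" or ".."
    # components; validate nginx_reverse_proxy where it is defined if it can
    # come from anywhere less trusted than this repository.
    dest: "/etc/nginx/conf.d/{{ item.domain }}.conf"
    owner: root
    group: root
    # Quoted so the module receives the octal string "0644" instead of relying
    # on how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  vars:
    proxy_domain: "{{ item.domain }}"
    proxy_upstream: "{{ item.upstream }}"
    proxy_protocol: "{{ item.protocol }}"
  loop: "{{ nginx_reverse_proxy }}"
  notify: Restart nginx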
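# httpd_can_network_relay was not enough for the ubiquiti reverse proxy.
# NOTE(review): httpd_can_network_connect is the broad switch. It lets the
# httpd domain open outbound TCP connections to any port, so nginx is no
# longer confined to web-labelled ports. If the upstream port is known,
# labelling just that port (e.g. as http_port_t) may keep the confinement
# tighter -- confirm whether that works for this upstream.
- name: Allow reverse proxy in SELinux
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  # List items are ANDed. The second one tests the length explicitly so the
  # condition evaluates to a real boolean rather than to the list itself.
  when:
    - ansible_facts.selinux.status == 'enabled'
    - nginx_reverse_proxy | length > 0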
# Enable the http and https firewalld services, both in the running
# configuration (immediate) and in the persistent one (permanent).
# NOTE(review): the guard looks up the key 'firewalld' in the gathered service
# facts. Those facts must have been collected earlier in the play, and on
# systemd hosts they are usually keyed as 'firewalld.service' -- confirm the
# condition can actually be true, otherwise this task is skipped silently.
- name: Enable nginx on firewall
  tags: firewall
  when: ansible_facts.services['firewalld'] is defined
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  loop: [http, https]
# Enable the nginx service and restart it.
# NOTE(review): `state: restarted` bounces nginx on every run, even when no
# file changed, and the config tasks in this file already notify the
# "Restart nginx" handler. If the unconditional restart is not deliberate,
# `state: started` would leave restarts to the handler. A syntax check
# (`nginx -t`) before restarting would also keep a broken config from taking
# the server down.
- name: Enable nginx
  ansible.builtin.service:
    name: nginx
    state: restarted
    enabled: true