dotfiles/roles/nginx/tasks/main.yml
Matej Focko da56e3acd6
fix(nginx): unnest notify
notify should not be passed to the module

Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-22 16:43:15 +01:00



---
# Pull in the package-installation tasks from install.yml.
# NOTE(review): include_tasks is a dynamic include, so the `install` tag
# selects this include but is not inherited by the tasks inside install.yml;
# presumably those tasks carry their own tags - confirm.
- name: Packages
  tags: install
  ansible.builtin.include_tasks: install.yml
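# Copy the static proxy snippet to /etc/nginx/proxy.conf, owned by root.
# A change to the file notifies the "Restart nginx" handler.
- name: Install the proxy snippet
  ansible.builtin.copy:
    src: files/proxy.conf
    dest: /etc/nginx/proxy.conf
    # Quoted so the module receives the octal string itself instead of the
    # integer a YAML loader derives from a leading-zero scalar.
    mode: "0644"
    owner: root
    group: root
  notify: Restart nginx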
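# Render templates/ssl.conf to /etc/nginx/ssl.conf, owned by root.
# A change to the file notifies the "Restart nginx" handler.
# NOTE(review): the result is world-readable (0644); presumably the template
# holds only TLS directives and file paths, not key material - confirm.
- name: Install the SSL snippet
  ansible.builtin.template:
    src: templates/ssl.conf
    dest: /etc/nginx/ssl.conf
    # Quoted so the mode is passed as a string and never re-typed by the
    # YAML loader.
    mode: "0644"
    owner: root
    group: root
  notify: Restart nginx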
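# Copy the main nginx.conf into place, owned by root.
# A change to the file notifies the "Restart nginx" handler.
# NOTE(review): no `validate:` is set, so a syntactically broken config is
# only discovered when nginx is restarted.
- name: Install the default config
  ansible.builtin.copy:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    # Quoted: file modes are safest as strings, independent of how the YAML
    # loader handles leading-zero integers.
    mode: "0644"
    owner: root
    group: root
  notify: Restart nginx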
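# Render templates/http.conf to /etc/nginx/http.conf, owned by root.
# A change to the file notifies the "Restart nginx" handler.
- name: Install the HTTP config
  ansible.builtin.template:
    src: templates/http.conf
    dest: /etc/nginx/http.conf
    # Quoted so the octal mode is not subject to YAML integer parsing.
    mode: "0644"
    owner: root
    group: root
  notify: Restart nginx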
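# Render templates/me.conf into conf.d, owned by root.
# A change to the file notifies the "Restart nginx" handler.
# NOTE(review): going by the task name this presumably maps a URL onto a
# user's home directory; whatever it exposes is served to every client that
# can reach nginx - confirm the template limits it to an intended
# subdirectory.
- name: Enable $HOME shortcut
  ansible.builtin.template:
    src: templates/me.conf
    dest: /etc/nginx/conf.d/me.conf
    # Quoted so the mode reaches the module as the string "0644".
    mode: "0644"
    owner: root
    group: root
  notify: Restart nginx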
# Persistently turn on the httpd_enable_homedirs SELinux boolean, but only on
# hosts whose gathered facts report SELinux as enabled.
# NOTE(review): an SELinux boolean is host-wide, so this relaxes the policy
# for every process in the httpd domain, not only for this nginx setup -
# confirm that is acceptable on the target hosts.
- name: Allow httpd in homedirs in SELinux
  when: ansible_facts.selinux.status == 'enabled'
  ansible.posix.seboolean:
    name: httpd_enable_homedirs
    persistent: true
    state: true
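# Render one reverse-proxy config per entry of nginx_reverse_proxy. Each entry
# supplies `domain`, `upstream` and `protocol`, handed to the template as
# proxy_domain, proxy_upstream and proxy_protocol.
# A change to any rendered file notifies the "Restart nginx" handler.
# NOTE(review): item.domain is interpolated into the destination path, so the
# entries are assumed to be plain hostnames without path separators - confirm
# where nginx_reverse_proxy is populated.
- name: Enable reverse proxy
  ansible.builtin.template:
    src: templates/reverse_proxy.conf
    dest: "/etc/nginx/conf.d/{{ item.domain }}.conf"
    # Quoted so the module receives the octal string itself instead of the
    # integer a YAML loader derives from a leading-zero scalar.
    mode: "0644"
    owner: root
    group: root
  vars:
    proxy_domain: "{{ item.domain }}"
    proxy_upstream: "{{ item.upstream }}"
    proxy_protocol: "{{ item.protocol }}"
  loop: "{{ nginx_reverse_proxy }}"
  notify: Restart nginx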
# httpd_can_network_relay was not enough for the ubiquiti reverse proxy
#
# Persistently turns on httpd_can_network_connect when SELinux is enabled and
# nginx_reverse_proxy is non-empty.
# NOTE(review): this is the broad boolean - it lets httpd-domain processes
# open outbound TCP connections to any port, which widens what a compromised
# worker can reach. If the upstream ports are known, labelling them for httpd
# and keeping only the relay boolean may be a narrower option - TODO confirm.
- name: Allow reverse proxy in SELinux
  when: "ansible_facts.selinux.status == 'enabled' and nginx_reverse_proxy"
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true
# Open the http and https firewalld services, both in the running
# configuration and permanently.
# No `zone:` is given, so the rule lands in firewalld's default zone.
# NOTE(review): the guard reads ansible_facts.services, which is assumed to be
# populated by an earlier service_facts run - confirm.
- name: Enable nginx on firewall
  tags: firewall
  when: ansible_facts.services['firewalld'] is defined
  loop:
    - http
    - https
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
# Enable the nginx unit at boot and restart it.
# NOTE(review): `state: restarted` restarts nginx on every run, whether or
# not any config changed, so this task always reports "changed" and drops
# connections each time. The config tasks already notify "Restart nginx";
# confirm the unconditional restart is intended.
- name: Enable nginx
  ansible.builtin.service:
    state: restarted
    enabled: true
    name: nginx