---
# Pull in the package installation tasks from install.yml at run time.
# A tag on a dynamic include applies to the include statement itself; tasks
# inside install.yml inherit it only when it is passed through `apply`.
- name: Packages
  tags:
    - install
  ansible.builtin.include_tasks:
    file: install.yml
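# Copy the static proxy snippet into /etc/nginx, owned by root and writable
# by root only (world-readable).
- name: Install the proxy snippet
  ansible.builtin.copy:
    src: files/proxy.conf
    dest: /etc/nginx/proxy.conf
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root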
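# Render the SSL snippet from its template into /etc/nginx.
# NOTE(review): the file is world-readable (0644); this is fine as long as the
# template holds only directives and paths, not key material. Confirm against
# templates/ssl.conf.
- name: Install the SSL snippet
  ansible.builtin.template:
    src: templates/ssl.conf
    dest: /etc/nginx/ssl.conf
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root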
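# Replace the main nginx configuration with the static copy shipped in files/.
- name: Install the default config
  ansible.builtin.copy:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root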
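# Render the HTTP configuration from its template into /etc/nginx.
- name: Install the HTTP config
  ansible.builtin.template:
    src: templates/http.conf
    dest: /etc/nginx/http.conf
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root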
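# Render me.conf into conf.d.
# NOTE(review): the task name suggests this config serves content from a home
# directory; confirm against templates/me.conf which paths become reachable.
- name: Enable $HOME shortcut
  ansible.builtin.template:
    src: templates/me.conf
    dest: /etc/nginx/conf.d/me.conf
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root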
# Persistently switch on the httpd_enable_homedirs SELinux boolean, which lets
# the confined web server read content under users' home directories.
# Only runs on hosts whose gathered facts report SELinux as enabled.
- name: Allow httpd in homedirs in SELinux
  when:
    - ansible_facts.selinux.status == 'enabled'
  ansible.posix.seboolean:
    name: httpd_enable_homedirs
    persistent: true
    state: true
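# Render one conf.d file per entry of nginx_reverse_proxy. Each entry supplies
# `domain`, `upstream` and `protocol`, exposed to the template as proxy_*.
# item.domain becomes part of the destination file name, so every entry should
# carry a plain hostname without path separators.
- name: Enable reverse proxy
  ansible.builtin.template:
    src: templates/reverse_proxy.conf
    dest: "/etc/nginx/conf.d/{{ item.domain }}.conf"
    # Quoted so the mode reaches Ansible as a string instead of depending on
    # the YAML parser reading a leading-zero integer as octal.
    mode: "0644"
    owner: root
    group: root
  vars:
    proxy_domain: "{{ item.domain }}"
    proxy_upstream: "{{ item.upstream }}"
    proxy_protocol: "{{ item.protocol }}"
  loop: "{{ nginx_reverse_proxy }}"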
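# ‹httpd_can_network_relay› was not enough for the ubiquiti reverse proxy
# httpd_can_network_connect is the broader boolean: it lets the confined web
# server open outbound connections to any port, so it is switched on only when
# at least one reverse proxy is configured and SELinux is enabled.
- name: Allow reverse proxy in SELinux
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  when:
    - ansible_facts.selinux.status == 'enabled'
    # Explicit length test keeps the condition boolean; a bare list as a
    # conditional is rejected by newer ansible-core releases.
    # Assumes nginx_reverse_proxy is a list, as the loop in the
    # "Enable reverse proxy" task requires.
    - nginx_reverse_proxy | length > 0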
# Open the firewalld `http` and `https` services, both in the running
# configuration (immediate) and in the saved one (permanent).
# No zone is given, so firewalld applies the change to its default zone;
# check that this zone is the one facing the intended network.
- name: Enable nginx on firewall
  tags:
    - firewall
  loop:
    - http
    - https
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
# Enable nginx at boot and restart it.
# `state: restarted` restarts the service on every run, whether or not any
# configuration changed, and nothing visible in these tasks validates the
# rendered files first (for example with `nginx -t`), so a broken template
# surfaces only as a failed restart.
- name: Enable nginx
  ansible.builtin.service:
    name: nginx
    state: restarted
    enabled: true