dotfiles/roles/server/nginx/tasks/main.yml
Matej Focko 1380efe400
feat(server/nginx): implement nginx role
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 15:00:55 +02:00

89 lines
2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
- name: Packages
ansible.builtin.include_tasks: install.yml
tags: install
- name: Install the proxy snippet
ansible.builtin.copy:
src: files/proxy.conf
dest: /etc/nginx/proxy.conf
mode: 0644
owner: root
group: root
- name: Install the SSL snippet
ansible.builtin.template:
src: templates/ssl.conf
dest: /etc/nginx/ssl.conf
mode: 0644
owner: root
group: root
- name: Install the default config
ansible.builtin.copy:
src: files/nginx.conf
dest: /etc/nginx/nginx.conf
mode: 0644
owner: root
group: root
- name: Install the HTTP config
ansible.builtin.template:
src: templates/http.conf
dest: /etc/nginx/http.conf
mode: 0644
owner: root
group: root
- name: Enable $HOME shortcut
ansible.builtin.template:
src: templates/me.conf
dest: /etc/nginx/conf.d/me.conf
mode: 0644
owner: root
group: root
- name: Allow httpd in homedirs in SELinux
ansible.posix.seboolean:
name: httpd_enable_homedirs
state: true
persistent: true
when: ansible_facts.selinux.status == 'enabled'
- name: Enable reverse proxy
ansible.builtin.template:
src: templates/reverse_proxy.conf
dest: "/etc/nginx/conf.d/{{ item.domain }}.conf"
mode: 0644
owner: root
group: root
vars:
proxy_domain: "{{ item.domain }}"
proxy_upstream: "{{ item.upstream }}"
proxy_protocol: "{{ item.protocol }}"
loop: "{{ server_nginx_reverse_proxy }}"
# httpd_can_network_relay was not enough for the ubiquiti reverse proxy
- name: Allow reverse proxy in SELinux
ansible.posix.seboolean:
name: httpd_can_network_connect
state: true
persistent: true
when: "ansible_facts.selinux.status == 'enabled' and server_nginx_reverse_proxy"
- name: Enable nginx on firewall
ansible.posix.firewalld:
service: "{{ item }}"
immediate: true
permanent: true
state: enabled
loop:
- http
- https
tags: firewall
- name: Enable nginx
ansible.builtin.service:
name: nginx
enabled: true
state: restarted