]> git.somenet.org - root/pub/somesible.git/blob - roles/server/nginx/server/tasks/main.yml
SomeNet / public repos / root / pub / somesible.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[roles/server/mail/saslauthd] setup saslauthd
[root/pub/somesible.git] / roles / server / nginx / server / tasks / main.yml
1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2025 by someone <someone@somenet.org>
6 #
7
8 - name: install web-server
9   apt:
10     pkg:
11     - nginx-full
12     - libwww-perl
13     state: present
14     policy_rc_d: 101
15   tags: "online"
16   ignore_errors: "{{ignore_online_errors | bool}}"
17
18
19 - name: copy nginx.conf
20   copy:
21     src: "{{item}}"
22     dest: "/etc/nginx/nginx.conf"
23     mode: 0644
24     owner: "root"
25     group: "root"
26   with_first_found:
27     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nginx.conf"
28     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nginx.conf"
29     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nginx.conf"
30     - "default/nginx.conf"
31   notify: restart nginx.service
32
33
34 - name: copy default vhost
35   copy:
36     src: "{{item}}"
37     dest: "/etc/nginx/sites-enabled/000-default.vhost"
38     mode: 0644
39     owner: "root"
40     group: "root"
41   with_first_found:
42     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/000-default.vhost"
43     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/000-default.vhost"
44     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/000-default.vhost"
45     - "default/000-default.vhost"
46   register: temp_result
47
48
49 - name: enable and restart nginx.service when default vhost changes
50   systemd:
51     name: nginx.service
52     daemon_reload: yes
53     enabled: yes
54     state: restarted
55   when: temp_result.changed
56
57
58 - name: copy default robots.txt
59   copy:
60     src: "{{item}}"
61     dest: "/var/www/html/robots.txt"
62     mode: 0644
63     owner: "root"
64     group: "root"
65   with_first_found:
66     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/robots.txt"
67     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/robots.txt"
68     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/robots.txt"
69     - "default/robots.txt"
70   notify: restart nginx.service
71
72
73 - name: copy default maintenance.html
74   copy:
75     src: "{{item}}"
76     dest: "/var/www/maintenance.html.dis"
77     mode: 0644
78     owner: "root"
79     group: "root"
80   with_first_found:
81     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/maintenance.html"
82     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/maintenance.html"
83     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/maintenance.html"
84     - "default/maintenance.html"
85   notify: restart nginx.service
86
87
88 - name: fix permissions of /var/www/
89   file:
90     path: "/var/www/"
91     state: directory
92     mode: 0755
93     owner: "root"
94     group: "root"
95
96
97 - name: fix permissions of /var/www/html/
98   file:
99     path: "/var/www/html"
100     state: directory
101     mode: 0755
102     owner: "root"
103     group: "root"
104
105
106 - name: enable and start nginx.service
107   include_role: name="base/systemd/enable-and-start"
108   vars:
109     service_name: nginx.service
110
111
112 ###########
113 # AWSTATS #
114 ###########
115 - name: install awstats
116   apt:
117     pkg:
118     - fcgiwrap
119     - awstats
120     - libnet-ip-perl
121     - libnet-dns-perl
122     state: present
123     policy_rc_d: 101
124   tags: "online"
125   ignore_errors: "{{ignore_online_errors | bool}}"
126
127
128 - name: remove broken awstats directory
129   file:
130     path: "/etc/logrotate.d/httpd-prerotate/awstats"
131     state: absent
132
133
134 - name: disable periodic update by cron
135   copy:
136     content: "# disabled by someone's ansible provisioner"
137     dest: "/etc/cron.d/awstats"
138     mode: 0640
139     owner: "root"
140     group: "root"
141
142
143 - name: copy awstats "default" vhost config
144   copy:
145     src: "{{item}}"
146     dest: "/etc/awstats/awstats.conf.local"
147     mode: 0644
148     owner: "root"
149     group: "root"
150   with_first_found:
151     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats.conf.local"
152     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats.conf.local"
153     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats.conf.local"
154     - "default/awstats.conf.local"
155
156
157 - name: copy awstats logrotate script
158   copy:
159     src: "{{item}}"
160     dest: "/etc/logrotate.d/httpd-prerotate/awstats-logrotate-script"
161     mode: 0750
162     owner: "root"
163     group: "root"
164   with_first_found:
165     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats-logrotate-script"
166     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats-logrotate-script"
167     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats-logrotate-script"
168     - "default/awstats-logrotate-script"
169
170
171 - name: nginx logrotate zzz config
172   copy:
173     src: "{{item}}"
174     dest: "/etc/logrotate.d/zzz_nginx"
175     mode: 0644
176     owner: "root"
177     group: "root"
178   with_first_found:
179     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nginx.logrotate"
180     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nginx.logrotate"
181     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nginx.logrotate"
182     - "default/nginx.logrotate"
183
184
185 - name: nginx logrotate empty config
186   copy:
187     src: "{{item}}"
188     dest: "/etc/logrotate.d/nginx"
189     mode: 0644
190     owner: "root"
191     group: "root"
192   with_first_found:
193     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nginx.empty.logrotate"
194     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nginx.empty.logrotate"
195     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nginx.empty.logrotate"
196     - "default/nginx.empty.logrotate"
197
198
199 - name: nginx-awstats pam.d config
200   copy:
201     src: "{{item}}"
202     dest: "/etc/pam.d/nginx-awstats"
203     mode: 0644
204     owner: "root"
205     group: "root"
206   with_first_found:
207     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nginx-awstats.pam"
208     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nginx-awstats.pam"
209     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nginx-awstats.pam"
210     - "default/nginx-awstats.pam"
211
212
213 - name: enable and start fcgiwrap.socket
214   include_role: name="base/systemd/enable-and-start"
215   vars:
216     service_name: fcgiwrap.socket