roles/server/nginx/vhost-unified/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 ---
   8 - name: install php
   9   apt:
  10     pkg:
  11     - bzip2
  12     - php8.2
  13     - php8.2-cli
  14     - php8.2-fpm
  15     state: present
  16     policy_rc_d: 101
  17   when: vhost_type|lower() in ["php", "custom+php"]
  18   tags: "online"
  19   ignore_errors: "{{ignore_online_errors | bool}}"
  20
  21
  22 - name: install custom php modules
  23   apt:
  24     pkg: "{{vhost_php_custom}}"
  25     state: present
  26     policy_rc_d: 101
  27   when: vhost_type|lower() in ["php", "custom+php"] and vhost_php_custom != []
  28   tags: "online"
  29   ignore_errors: "{{ignore_online_errors | bool}}"
  30
  31
  32 - name: copy php-fpm-www.conf
  33   copy:
  34     src: "{{item}}"
  35     dest: "/etc/php/8.2/fpm/pool.d/www.conf"
  36     mode: 0644
  37     owner: "root"
  38     group: "root"
  39   with_first_found:
  40     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm-www.conf"
  41     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm-www.conf"
  42     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm-www.conf"
  43     - "default/php-fpm-www.conf"
  44   when: vhost_type|lower() in ["php", "custom+php"]
  45   notify: restart php-fpm.service
  46
  47
  48 - name: copy php-fpm.service to /etc/systemd/system/
  49   copy:
  50     src: "{{item}}"
  51     dest: "/etc/systemd/system/php-fpm.service"
  52     mode: 0644
  53     owner: "root"
  54     group: "root"
  55   with_first_found:
  56     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm.service"
  57     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm.service"
  58     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm.service"
  59     - "default/php-fpm.service"
  60   when: vhost_type|lower() in ["php", "custom+php"]
  61
  62
  63 - name: enable and start phpsessionclean.timer
  64   include_role: name="base/systemd/enable-and-start"
  65   vars:
  66     service_name: phpsessionclean.timer
  67   when: vhost_type|lower() in ["php", "custom+php"]
  68
  69
  70 - name: enable and start php-fpm.service
  71   include_role: name="base/systemd/enable-and-start"
  72   vars:
  73     service_name: php-fpm.service
  74   when: vhost_type|lower() in ["php", "custom+php"]
  75
  76
  77 - name: request letsencrypt cert for "{{vhost_name}}"
  78   include_role:
  79     name: util/letsencrypt-cert
  80   vars:
  81     letsencrypt_cert_domain: "{{vhost_name}}"
  82     letsencrypt_cert_domain_alias: "{{vhost_aliases}}"
  83   when: vhost_https_on|bool or vhost_https_force_letsencrypt|bool
  84
  85
  86 - name: set up webroot-dir for "{{vhost_name}}"
  87   file:
  88     path: "/var/www/{{vhost_name}}"
  89     state: directory
  90     mode: 0750
  91     owner: "www-data"
  92     group: "www-data"
  93
  94
  95 - name: get or update content via git for "{{vhost_name}}"
  96   git:
  97     repo: "{{vhost_git_repo}}"
  98     dest: "/var/www/{{vhost_name}}/"
  99     accept_hostkey: "yes"
 100     clone: "yes"
 101     force: "yes"
 102     recursive: "yes"
 103     track_submodules: "yes"
 104     update: "yes"
 105     version: "{{vhost_git_version}}"
 106   when: vhost_git_repo != ""
 107   tags: "nginx-vhost-content-update"
 108
 109
 110 - name: deploy some custom files
 111   copy:
 112     src:  "{{item.src}}"
 113     dest: "/var/www/{{vhost_name}}/"
 114     mode: 0640
 115     owner: "www-data"
 116     group: "www-data"
 117   with_filetree:
 118     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-deploy-files/"
 119     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-deploy-files/"
 120     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-deploy-files/"
 121     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/deploy-files/"
 122     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/deploy-files/"
 123     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/deploy-files/"
 124     - "default/deploy-files/"
 125   when: item.state == "file"
 126   tags: "nginx-vhost-content-update"
 127
 128
 129 - name: "fix webroot-dir permissions for {{vhost_name}}"
 130   file:
 131     path: "/var/www/{{vhost_name}}"
 132     state: directory
 133     recurse: yes
 134     mode: "u=rwX,g=rX,o-rwx"
 135     owner: "www-data"
 136     group: "www-data"
 137   when: vhost_fix_perms|bool
 138   tags: "nginx-vhost-content-update"
 139
 140
 141 - name: "include vhost_custom and vhost_custom_pre_server for {{vhost_name}}"
 142   include_vars:
 143     file: "{{item}}"
 144     name: vhost_custom
 145   with_first_found:
 146     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
 147     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
 148     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
 149     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_vhost_custom.yml"
 150     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_vhost_custom.yml"
 151     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_vhost_custom.yml"
 152     - "default/vars_vhost_custom.yml"
 153   when: vhost_custom.vhost_custom == "" and vhost_custom.vhost_custom_pre_server == ""
 154
 155
 156 - name: generate vhost config for "{{vhost_name}}"
 157   template:
 158     src: "{{item}}"
 159     dest: "/etc/nginx/sites-enabled/{{vhost_name}}.vhost"
 160     mode: 0644
 161     owner: "root"
 162     group: "root"
 163   with_first_found:
 164     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vhost.j2"
 165     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vhost.j2"
 166     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vhost.j2"
 167     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vhost.j2"
 168     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vhost.j2"
 169     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vhost.j2"
 170     - "default/vhost.j2"
 171   notify: restart nginx.service
 172
 173
 174 - name: generate awstats config for "{{vhost_name}}"
 175   template:
 176     src: "{{item}}"
 177     dest: "/etc/awstats/awstats.{{vhost_name}}.conf"
 178     mode: 0644
 179     owner: "root"
 180     group: "root"
 181   with_first_found:
 182     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-awstats.j2"
 183     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-awstats.j2"
 184     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-awstats.j2"
 185     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats.j2"
 186     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats.j2"
 187     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats.j2"
 188     - "default/awstats.j2"
 189
 190
 191 - name: reset vhost_custom and vhost_custom_pre_server
 192   include_vars:
 193     file: "default/vars_vhost_custom.yml"
 194     name: vhost_custom
 195   when: vhost_custom.vhost_custom != "" or vhost_custom.vhost_custom_pre_server != ""