1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2024 by someone <someone@somenet.org>
6 #
7 ---
# Install the PHP 8.2 runtime and FPM on hosts whose vhost_type is "php" or
# "custom+php".
- name: install php
  when: vhost_type | lower in ["php", "custom+php"]
  tags:
    - online
  # When ignore_online_errors is true, a failed install does not stop the
  # play, so the tasks below can run against a host that lacks php-fpm.
  # Check the play recap for ignored failures.
  ignore_errors: "{{ ignore_online_errors | bool }}"
  apt:
    # Forces policy-rc.d to exit with 101, so installing the packages does not
    # trigger a service start.
    policy_rc_d: 101
    # "present" only installs what is missing; packages that are already
    # installed are not upgraded by this task.
    state: present
    pkg:
      - bzip2
      - php8.2
      - php8.2-cli
      - php8.2-fpm
20
21
# Install the extra packages listed in vhost_php_custom. Skipped for non-PHP
# vhosts and when the list is empty.
- name: install custom php modules
  when:
    - vhost_type | lower in ["php", "custom+php"]
    - vhost_php_custom != []
  tags:
    - online
  # Same switch as the base PHP install: with ignore_online_errors set, a
  # failed install is reported but does not abort the play.
  ignore_errors: "{{ ignore_online_errors | bool }}"
  apt:
    # Do not let the package scripts start services during installation.
    policy_rc_d: 101
    state: present
    # Package names are taken verbatim from the variable; whatever it lists
    # is installed as root.
    pkg: "{{vhost_php_custom}}"
30
31
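# Install the php-fpm pool configuration and restart php-fpm when it changes.
- name: copy php-fpm-www.conf
  when: vhost_type | lower in ["php", "custom+php"]
  copy:
    src: "{{item}}"
    dest: "/etc/php/8.2/fpm/pool.d/www.conf"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the string "0644" and does not depend on
    # the YAML loader reading a leading-zero integer as octal.
    mode: "0644"
  # First existing file wins: host-specific, then group, then "all", then the
  # default/ entry. The first three are built from the PWD environment
  # variable of the controller, so the result depends on the directory ansible
  # was started from.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm-www.conf"
    - "default/php-fpm-www.conf"
  notify:
    - restart php-fpm.service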
46
47
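# Install a php-fpm.service unit under /etc/systemd/system/.
# NOTE(review): nothing in this task triggers a systemd daemon-reload or a
# php-fpm restart when the unit file changes - confirm that the
# enable-and-start role included later takes care of it.
- name: copy php-fpm.service to /etc/systemd/system/
  when: vhost_type | lower in ["php", "custom+php"]
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/php-fpm.service"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the string "0644" and does not depend on
    # the YAML loader reading a leading-zero integer as octal.
    mode: "0644"
  # First existing file wins. The first three candidates are built from the
  # controller's PWD environment variable; default/ is the fallback.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm.service"
    - "default/php-fpm.service"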
61
62
# Hand phpsessionclean.timer to the shared enable-and-start role.
# Applies to PHP vhosts only.
- name: enable and start phpsessionclean.timer
  when: vhost_type | lower in ["php", "custom+php"]
  vars:
    service_name: "phpsessionclean.timer"
  include_role:
    name: "base/systemd/enable-and-start"
68
69
# Hand php-fpm.service to the shared enable-and-start role.
# Applies to PHP vhosts only.
- name: enable and start php-fpm.service
  when: vhost_type | lower in ["php", "custom+php"]
  vars:
    service_name: "php-fpm.service"
  include_role:
    name: "base/systemd/enable-and-start"
75
76
# Request a certificate for the vhost name and its aliases through the
# util/letsencrypt-cert role. Runs when HTTPS is enabled for the vhost or when
# vhost_https_force_letsencrypt is set.
- name: 'request letsencrypt cert for "{{vhost_name}}"'
  when: (vhost_https_on | bool) or (vhost_https_force_letsencrypt | bool)
  vars:
    # Every name listed here ends up in a certificate request, so both
    # variables should only contain names this host is meant to serve.
    letsencrypt_cert_domain: "{{vhost_name}}"
    letsencrypt_cert_domain_alias: "{{vhost_aliases}}"
  include_role:
    name: "util/letsencrypt-cert"
84
85
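# Create /var/www/<vhost_name>. There is no `when` on this task, so it runs
# for every vhost type.
# NOTE(review): www-data owns the directory and can write to it. If nginx and
# php-fpm run as www-data, code served from the site can modify its own files;
# root-owned content that www-data can only read would be the least-privilege
# layout - confirm what the site actually needs to write.
- name: 'set up webroot-dir for "{{vhost_name}}"'
  file:
    # vhost_name becomes a path component; it is expected to be a plain host
    # name without "/" or "..".
    path: "/var/www/{{vhost_name}}"
    state: directory
    owner: "www-data"
    group: "www-data"
    # Quoted so the mode is passed as the string "0750" and does not depend on
    # the YAML loader reading a leading-zero integer as octal. No access for
    # "other".
    mode: "0750"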
93
94
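# Clone or update the site content from vhost_git_repo into the webroot.
# Skipped when vhost_git_repo is empty.
# NOTE(review): the checkout leaves a .git directory inside the webroot;
# confirm that the vhost template denies requests for it.
- name: 'get or update content via git for "{{vhost_name}}"'
  when: vhost_git_repo != ""
  tags:
    - nginx-vhost-content-update
  git:
    repo: "{{vhost_git_repo}}"
    dest: "/var/www/{{vhost_name}}/"
    # A branch name follows upstream on every run. A commit hash, or a signed
    # tag checked with the module's verify_commit option, pins what is served.
    version: "{{vhost_git_version}}"
    # Trust on first use: an unknown SSH host key of the git server is
    # accepted without verification. Pre-seeding known_hosts on the target
    # lets this be switched off.
    accept_hostkey: true
    clone: true
    update: true
    # Modified files in the existing checkout are discarded on update.
    force: true
    recursive: true
    # Submodules follow the tip of their branch instead of the commit recorded
    # in the parent repository, so their content is not pinned by `version`.
    track_submodules: true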
108
109
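# Copy extra files from the deploy-files trees on the controller into the
# webroot. Only regular files are copied (item.state == "file"); directories
# and links reported by the filetree lookup are skipped.
# NOTE(review): dest is the webroot itself, not a path built from item.path,
# so files from nested directories appear to land flat in the webroot under
# their base name - confirm this is intended.
- name: deploy some custom files
  when: item.state == "file"
  tags:
    - nginx-vhost-content-update
  copy:
    src: "{{item.src}}"
    dest: "/var/www/{{vhost_name}}/"
    owner: "www-data"
    group: "www-data"
    # Quoted so the mode is passed as the string "0640" and does not depend on
    # the YAML loader reading a leading-zero integer as octal.
    mode: "0640"
  # All but the last tree are located through the controller's PWD
  # environment variable, so the set of deployed files depends on the
  # directory ansible was started from.
  with_filetree:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/deploy-files/"
    - "default/deploy-files/"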
127
128
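# Recursively reset owner, group and mode below the webroot. Runs only when
# vhost_fix_perms is true.
# NOTE(review): after this task everything under the webroot, including a
# .git directory left by the git task, is owned by and writable for www-data -
# confirm that this matches what the web server account should be able to
# change.
- name: "fix webroot-dir permissions for {{vhost_name}}"
  when: vhost_fix_perms | bool
  tags:
    - nginx-vhost-content-update
  file:
    path: "/var/www/{{vhost_name}}"
    state: directory
    recurse: true
    owner: "www-data"
    group: "www-data"
    # Owner read/write, group read, nothing for others. The capital X sets the
    # execute bit only on directories and on files that already have one.
    mode: "u=rwX,g=rX,o-rwx"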
139
140
# Load the first vars_vhost_custom.yml that exists into the vhost_custom
# dictionary. Only done while both vhost_custom.vhost_custom and
# vhost_custom.vhost_custom_pre_server are still empty strings.
# NOTE(review): these values are presumably interpolated into the nginx
# configuration by the vhost template, so the files deserve the same review as
# nginx config - confirm against the template.
- name: "include vhost_custom and vhost_custom_pre_server for {{vhost_name}}"
  when:
    - vhost_custom.vhost_custom == ""
    - vhost_custom.vhost_custom_pre_server == ""
  include_vars:
    name: vhost_custom
    file: "{{item}}"
  # Vhost-specific files are tried before the generic ones. All but the last
  # candidate are located through the controller's PWD environment variable,
  # so the file that is loaded depends on the directory ansible was started
  # from.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_vhost_custom.yml"
    - "default/vars_vhost_custom.yml"
154
155
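# Render the nginx vhost configuration straight into sites-enabled and
# restart nginx when it changes.
# NOTE(review): the rendered file is not checked before the restart handler
# runs; whether the handler tests the configuration first cannot be seen from
# this file - confirm, since a broken template would otherwise take nginx down
# on restart.
- name: 'generate vhost config for "{{vhost_name}}"'
  template:
    src: "{{item}}"
    dest: "/etc/nginx/sites-enabled/{{vhost_name}}.vhost"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the string "0644" and does not depend on
    # the YAML loader reading a leading-zero integer as octal.
    mode: "0644"
  # Vhost-specific templates are tried before the generic ones. All but the
  # last candidate are located through the controller's PWD environment
  # variable, so the template that is rendered depends on the directory
  # ansible was started from.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vhost.j2"
    - "default/vhost.j2"
  notify:
    - restart nginx.service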
172
173
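# Render the per-vhost awstats configuration. There is no `when` on this
# task, so it runs for every vhost.
# NOTE(review): nothing in this file installs awstats or creates
# /etc/awstats - presumably another role does; confirm.
- name: 'generate awstats config for "{{vhost_name}}"'
  template:
    src: "{{item}}"
    dest: "/etc/awstats/awstats.{{vhost_name}}.conf"
    owner: "root"
    group: "root"
    # Quoted so the mode is passed as the string "0644" and does not depend on
    # the YAML loader reading a leading-zero integer as octal.
    mode: "0644"
  # Vhost-specific templates are tried before the generic ones. All but the
  # last candidate are located through the controller's PWD environment
  # variable.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats.j2"
    - "default/awstats.j2"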
189
190
# Reload default/vars_vhost_custom.yml into vhost_custom whenever either field
# is non-empty, presumably so that custom snippets do not carry over into the
# next vhost this role is run for.
- name: reset vhost_custom and vhost_custom_pre_server
  when: (vhost_custom.vhost_custom != "") or (vhost_custom.vhost_custom_pre_server != "")
  include_vars:
    name: vhost_custom
    file: "default/vars_vhost_custom.yml"