#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
---
# Install bzip2 and the PHP 8.2 packages (base, CLI, FPM) on hosts whose
# vhost_type is "php" or "custom+php" (compared case-insensitively).
- name: install php
  when: vhost_type | lower in ["php", "custom+php"]
  apt:
    state: present
    # policy-rc.d exit code 101 keeps the package scripts from starting
    # services at install time; presumably so php-fpm only starts once this
    # role has placed its own pool and unit files - TODO confirm.
    policy_rc_d: 101
    pkg:
      - bzip2
      - php8.2
      - php8.2-cli
      - php8.2-fpm
  tags:
    - online
  # NOTE(review): with ignore_online_errors set, a failed install is ignored
  # and the tasks below still run, possibly against missing or outdated PHP
  # packages. Check the apt result whenever that flag is enabled.
  ignore_errors: "{{ignore_online_errors | bool}}"


# Install the additional packages listed in vhost_php_custom. Skipped when
# the list is empty or the vhost type does not include PHP.
- name: install custom php modules
  when: vhost_type | lower in ["php", "custom+php"] and vhost_php_custom != []
  apt:
    state: present
    # Exit code 101 from policy-rc.d: do not start services during install.
    policy_rc_d: 101
    # NOTE(review): every entry is handed to apt as a package name and
    # installed from the configured sources; keep the variable under the
    # same review as the fixed package list above.
    pkg: "{{vhost_php_custom}}"
  tags:
    - online
  # A failed install is ignored when ignore_online_errors is true.
  ignore_errors: "{{ignore_online_errors | bool}}"


# Install the php-fpm pool definition for PHP 8.2. The file is owned by root
# and writable only by root. A change notifies the php-fpm restart handler.
- name: copy php-fpm-www.conf
  when: vhost_type | lower in ["php", "custom+php"]
  copy:
    src: "{{item}}"
    dest: "/etc/php/8.2/fpm/pool.d/www.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  # The first existing candidate is used: host-specific, then group-specific,
  # then the "all" group, then the role's default/ copy.
  # NOTE(review): the first three paths are built from the controller's PWD
  # environment variable, so which file is picked depends on the directory
  # ansible was started from.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm-www.conf"
    - "default/php-fpm-www.conf"
  notify: restart php-fpm.service


# Install a systemd unit named php-fpm.service under /etc/systemd/system,
# owned by root and writable only by root.
# NOTE(review): this task has no notify and no daemon-reload is visible in
# this file. Confirm that the base/systemd/enable-and-start role reloads
# systemd, otherwise a changed unit file is not picked up.
- name: copy php-fpm.service to /etc/systemd/system/
  when: vhost_type | lower in ["php", "custom+php"]
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/php-fpm.service"
    owner: "root"
    group: "root"
    mode: "0644"
  # First existing candidate wins: host, group, "all", then the role default.
  # The first three paths depend on the controller's PWD environment variable.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm.service"
    - "default/php-fpm.service"


# Hand phpsessionclean.timer to the shared enable-and-start role.
# The role is not visible here; presumably it enables and starts the unit
# named in service_name - TODO confirm.
- name: enable and start phpsessionclean.timer
  when: vhost_type | lower in ["php", "custom+php"]
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: phpsessionclean.timer


# Hand php-fpm.service (the unit file copied above) to the shared
# enable-and-start role. The role itself is not visible in this file.
- name: enable and start php-fpm.service
  when: vhost_type | lower in ["php", "custom+php"]
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: php-fpm.service


# Request a certificate for the vhost name and its aliases through the
# util/letsencrypt-cert role. Runs when HTTPS is enabled for the vhost or
# when a Let's Encrypt certificate is forced.
- name: request letsencrypt cert for "{{vhost_name}}"
  when: (vhost_https_on | bool) or (vhost_https_force_letsencrypt | bool)
  include_role:
    name: util/letsencrypt-cert
  vars:
    letsencrypt_cert_domain: "{{vhost_name}}"
    letsencrypt_cert_domain_alias: "{{vhost_aliases}}"


# Create /var/www/<vhost_name>. There is no "when", so this runs for every
# vhost type. "Other" users get no access at all (0750).
# NOTE(review): the directory is owned by and writable for www-data. If the
# web server or php-fpm workers run as www-data, served code can modify the
# webroot; confirm that is intended.
- name: set up webroot-dir for "{{vhost_name}}"
  file:
    state: directory
    path: "/var/www/{{vhost_name}}"
    owner: "www-data"
    group: "www-data"
    mode: "0750"


# Clone or update the vhost content from vhost_git_repo into the webroot,
# including submodules. Skipped when no repository is configured.
- name: get or update content via git for "{{vhost_name}}"
  when: vhost_git_repo != ""
  git:
    repo: "{{vhost_git_repo}}"
    version: "{{vhost_git_version}}"
    dest: "/var/www/{{vhost_name}}/"
    clone: true
    update: true
    recursive: true
    track_submodules: true
    # Local modifications in the working copy are discarded on update.
    force: true
    # NOTE(review): per the git module documentation this adds
    # StrictHostKeyChecking=no for ssh remotes, which removes the protection
    # against a man-in-the-middle on the connection to the repository host.
    # Pre-seeding known_hosts for the repo host avoids relying on it.
    accept_hostkey: true
    # NOTE(review): nothing here verifies what is checked out. The module's
    # verify_commit option can require a signed commit if that is wanted.
  # NOTE(review): the clone lands in the webroot, so a .git directory sits
  # next to the content. If the vhost template serves this directory
  # directly, confirm it denies requests for /.git.
  tags:
    - "nginx-vhost-content-update"


# Copy extra files from the deploy-files trees into the webroot. Only
# entries whose filetree state is "file" are copied. Directories and links
# are skipped by the "when" condition.
# NOTE(review): dest is the webroot itself, not a path built from item.path,
# so files from sub-directories presumably end up directly in the webroot -
# TODO confirm this flattening is intended.
- name: deploy some custom files
  when: item.state == "file"
  copy:
    src: "{{item.src}}"
    dest: "/var/www/{{vhost_name}}/"
    owner: "www-data"
    group: "www-data"
    mode: "0640"
  # Vhost-specific trees are listed before the generic ones, and the role's
  # default/ tree comes last. Paths built from PWD depend on the directory
  # ansible was started from on the controller.
  with_filetree:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/deploy-files/"
    - "default/deploy-files/"
  tags:
    - "nginx-vhost-content-update"


# Recursively reset owner, group and mode below the webroot when
# vhost_fix_perms is true.
- name: "fix webroot-dir permissions for {{vhost_name}}"
  when: vhost_fix_perms | bool
  file:
    state: directory
    path: "/var/www/{{vhost_name}}"
    recurse: true
    owner: "www-data"
    group: "www-data"
    # Owner read/write, group read, nothing for others. The capital X adds
    # execute/search only to directories and to files that already have an
    # execute bit.
    # NOTE(review): everything stays writable for www-data; see whether the
    # serving processes really need write access to the whole tree.
    mode: "u=rwX,g=rX,o-rwx"
  tags:
    - "nginx-vhost-content-update"


# Load the first matching vars file into the dictionary "vhost_custom".
# Runs only while both vhost_custom.vhost_custom and
# vhost_custom.vhost_custom_pre_server are still empty strings, so
# vhost_custom must already be defined when this task is reached.
- name: "include vhost_custom and vhost_custom_pre_server for {{vhost_name}}"
  when: vhost_custom.vhost_custom == "" and vhost_custom.vhost_custom_pre_server == ""
  include_vars:
    name: vhost_custom
    file: "{{item}}"
  # Vhost-specific files are tried before the generic ones, and the role's
  # default file comes last. Paths built from PWD depend on the directory
  # ansible was started from on the controller.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_vhost_custom.yml"
    - "default/vars_vhost_custom.yml"


# Render the nginx vhost file from the first matching template and notify
# the nginx restart handler on change. The result is owned by root and
# writable only by root.
# NOTE(review): the rendered file is not validated here. If the restart
# handler (not visible in this file) does not run a config test such as
# "nginx -t" first, a broken template takes nginx down on restart.
# NOTE(review): vhost_name becomes part of the destination path; it is
# assumed to be a plain host name without "/" - verify against inventory.
- name: generate vhost config for "{{vhost_name}}"
  template:
    src: "{{item}}"
    dest: "/etc/nginx/sites-enabled/{{vhost_name}}.vhost"
    owner: "root"
    group: "root"
    mode: "0644"
  # Vhost-specific templates are tried before the generic ones, and the
  # role's default template comes last.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vhost.j2"
    - "default/vhost.j2"
  notify: restart nginx.service


# Render the per-vhost awstats configuration from the first matching
# template. The result is owned by root and writable only by root.
# There is no "when" and no notify on this task.
# NOTE(review): /etc/awstats is assumed to exist already; nothing in this
# file installs awstats - confirm another role does.
- name: generate awstats config for "{{vhost_name}}"
  template:
    src: "{{item}}"
    dest: "/etc/awstats/awstats.{{vhost_name}}.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  # Vhost-specific templates are tried before the generic ones, and the
  # role's default template comes last.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats.j2"
    - "default/awstats.j2"


# Reload the role's default vars file into "vhost_custom" whenever either
# custom value is non-empty. Presumably this keeps one vhost's custom
# values from carrying over into the next run of this role - TODO confirm.
- name: reset vhost_custom and vhost_custom_pre_server
  when: vhost_custom.vhost_custom != "" or vhost_custom.vhost_custom_pre_server != ""
  include_vars:
    name: vhost_custom
    file: "default/vars_vhost_custom.yml"