summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/nginx/tasks/main.yml
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
downloadmail-master.tar.gz
fork https://github.com/mattsta/mailwebHEADmaster
Diffstat (limited to 'ansible/roles/nginx/tasks/main.yml')
-rw-r--r--ansible/roles/nginx/tasks/main.yml118
1 files changed, 118 insertions, 0 deletions
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..73469a1
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,118 @@
1---
2- name: emerge, nginx with extra modules!
3 apt:
4 pkg: nginx-extras
5 state: latest
6
7# Keep 32 logs
8- name: adjust nginx logrotate keep files
9 lineinfile:
10 state: present
11 path: /etc/logrotate.d/nginx
12 regexp: "^(\\s+)rotate "
13 line: "\\1rotate 32"
14 backrefs: yes
15
16# And only rotate when they grow larger than 1 GB
17- name: adjust nginx logrotate trigger rolls
18 lineinfile:
19 state: present
20 path: /etc/logrotate.d/nginx
21 regexp: "minsize"
22 line: "minsize 1G"
23 insertafter: "rotate \\d+"
24
25- name: verify nginx isn't serving default pages
26 file:
27 path: /etc/nginx/sites-enabled/default
28 state: absent
29 notify:
30 - reload nginx
31
32- name: verify nginx proxy cache dir exists
33 file:
34 path: /var/nginx/proxy-cache
35 owner: www-data
36 state: directory
37
38- name: verify nginx cpu affinity
39 lineinfile:
40 state: present
41 path: /etc/nginx/nginx.conf
42 regexp: "^worker_cpu_affinity "
43 line: "worker_cpu_affinity auto;"
44 insertafter: '^worker_processes '
45 notify:
46 - reload nginx
47
48- name: drop keepalive from nginx conf because we set it custom
49 lineinfile:
50 state: absent
51 path: /etc/nginx/nginx.conf
52 regexp: "^\\s+keepalive_timeout"
53 notify:
54 - reload nginx
55
56- name: copy config extensions
57 copy:
58 src: conf.d
59 dest: /etc/nginx/
60 notify:
61 - reload nginx
62
63- name: copy shared tls settings
64 copy:
65 src: tls/
66 dest: /etc/nginx/
67 notify:
68 - reload nginx
69
70- name: generate our templated basic sites
71 template:
72 src: basic-site.conf.j2
73 dest: "/etc/nginx/sites-available/{{ item.domain }}"
74 loop: "{{ nginx.basic }}"
75 notify:
76 - reload nginx
77
78- name: copy our more complex sites we don't want templated
79 copy:
80 src: "servers/{{ item }}"
81 dest: /etc/nginx/sites-available/
82 loop: "{{ nginx.complex }}"
83 notify:
84 - reload nginx
85
86- name: activate our nginx site configs
87 file:
88 src: "/etc/nginx/sites-available/{{ item }}"
89 dest: "/etc/nginx/sites-enabled/{{ item }}"
90 state: link
91 loop: "{{ nginx.complex }}"
92 notify:
93 - reload nginx
94
95- name: activate our nginx site templates
96 file:
97 src: "/etc/nginx/sites-available/{{ item.domain }}"
98 dest: "/etc/nginx/sites-enabled/{{ item.domain }}"
99 state: link
100 loop: "{{ nginx.basic }}"
101 notify:
102 - reload nginx
103
104- name: remove disabled sites
105 file:
106 src: "/etc/nginx/sites-enabled/{{ item }}"
107 state: absent
108 loop: "{{ nginx.disabled | default([]) }}"
109 notify:
110 - reload nginx
111
112- name: reload if certs newish
113 include_role:
114 name: certreload
115 vars:
116 certreload:
117 notifiers:
118 - reload nginx
Powered by cgit v1.2.3 (git 2.41.0)