infrastructure/ansible/roles/nginx/tasks/main.yml

- name: Install nginx
  package:
    name: "{{ 'nginx-mainline' if ansible_os_family == 'Archlinux' else 'nginx' }}"
  become: true

- name: Install nginx modules
  package:
    name: "{{ item }}"
  loop:
    - libnginx-mod-http-headers-more-filter
    - libnginx-mod-http-brotli-filter
    - libnginx-mod-stream
  when: ansible_os_family != 'Archlinux'
  become: true

- name: Install nginx modules (on Arch)
  kewlfft.aur.aur:
    name: "{{ item }}"
  loop:
    - nginx-mainline-mod-headers-more
    - nginx-mainline-mod-brotli
  when: ansible_os_family == 'Archlinux'
  become: true

- name: Generate Diffie-Hellman parameters
  community.crypto.openssl_dhparam:
    path: /etc/nginx/dhparams.pem
  become: true

- name: Create config directories
  file:
    path: /etc/nginx/{{ item }}
    state: directory
    mode: "0755"
  loop:
    - http.d
    - stream.d
    - includes
  become: true

- name: Copy config files
  template:
    src: "{{ item }}"
    dest: /etc/nginx/includes/{{ item | basename }}
    mode: "0644"
  with_fileglob: files/includes/*.conf
  become: true
  notify: reload nginx

- name: Install config
  template:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    mode: "0644"
  become: true
  notify: reload nginx

- name: Install HTTPS redirect
  template:
    src: files/nginx-https-redirect.conf
    dest: /etc/nginx/http.d/https-redirect.conf
    mode: "0644"
  become: true
  notify: reload nginx
  when: nginx_https_redirect
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`- name: Install nginx`
			`package:`
Use Debian repo version of nginx It's older, and doesn't have `stream` compiled in, but the repo one can't link to any of the installed modules, which is a non-starter. 2024-01-04 14:17:36 +00:00			`name: "{{ 'nginx-mainline' if ansible_os_family == 'Archlinux' else 'nginx' }}"`
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`become: true`

Unify nginx module tasks 2023-12-20 22:35:11 +00:00			`- name: Install nginx modules`
Fully block Server header 2023-12-16 21:57:19 +00:00			`package:`
Unify nginx module tasks 2023-12-20 22:35:11 +00:00			`name: "{{ item }}"`
			`loop:`
			`- libnginx-mod-http-headers-more-filter`
			`- libnginx-mod-http-brotli-filter`
Use Debian repo version of nginx It's older, and doesn't have `stream` compiled in, but the repo one can't link to any of the installed modules, which is a non-starter. 2024-01-04 14:17:36 +00:00			`- libnginx-mod-stream`
Add brotli 2023-12-17 18:12:33 +00:00			`when: ansible_os_family != 'Archlinux'`
			`become: true`

Unify nginx module tasks 2023-12-20 22:35:11 +00:00			`- name: Install nginx modules (on Arch)`
Add brotli 2023-12-17 18:12:33 +00:00			`kewlfft.aur.aur:`
Unify nginx module tasks 2023-12-20 22:35:11 +00:00			`name: "{{ item }}"`
			`loop:`
			`- nginx-mainline-mod-headers-more`
			`- nginx-mainline-mod-brotli`
Add brotli 2023-12-17 18:12:33 +00:00			`when: ansible_os_family == 'Archlinux'`
			`become: true`

Add helpful includes Along with ensuring there are dhparams 2023-12-20 22:29:42 +00:00			`- name: Generate Diffie-Hellman parameters`
			`community.crypto.openssl_dhparam:`
			`path: /etc/nginx/dhparams.pem`
Be root when generating dhparams This is needed to write to the destination 2023-12-24 19:39:13 +00:00			`become: true`
Add helpful includes Along with ensuring there are dhparams 2023-12-20 22:29:42 +00:00
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`- name: Create config directories`
			`file:`
			`path: /etc/nginx/{{ item }}`
			`state: directory`
			`mode: "0755"`
			`loop:`
			`- http.d`
			`- stream.d`
Add helpful includes Along with ensuring there are dhparams 2023-12-20 22:29:42 +00:00			`- includes`
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`become: true`

Add include files before main nginx config 2023-12-21 14:58:04 +00:00			`- name: Copy config files`
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`template:`
Add include files before main nginx config 2023-12-21 14:58:04 +00:00			`src: "{{ item }}"`
Use nginx as reverse proxy on walker, removing traefik SSL coming soon 2023-12-21 16:13:32 +00:00			`dest: /etc/nginx/includes/{{ item \| basename }}`
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`mode: "0644"`
Use nginx as reverse proxy on walker, removing traefik SSL coming soon 2023-12-21 16:13:32 +00:00			`with_fileglob: files/includes/*.conf`
Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`become: true`
			`notify: reload nginx`

Add include files before main nginx config 2023-12-21 14:58:04 +00:00			`- name: Install config`
Add helpful includes Along with ensuring there are dhparams 2023-12-20 22:29:42 +00:00			`template:`
Add include files before main nginx config 2023-12-21 14:58:04 +00:00			`src: files/nginx.conf`
			`dest: /etc/nginx/nginx.conf`
Add helpful includes Along with ensuring there are dhparams 2023-12-20 22:29:42 +00:00			`mode: "0644"`
			`become: true`
			`notify: reload nginx`

Unify nginx configuration This creates a simple base configuration skeleton, that other configuration can be easily loaded into. 2023-12-16 17:47:04 +00:00			`- name: Install HTTPS redirect`
			`template:`
			`src: files/nginx-https-redirect.conf`
			`dest: /etc/nginx/http.d/https-redirect.conf`
			`mode: "0644"`
			`become: true`
			`notify: reload nginx`
Only add HTTPS redirect when it's needed 2023-12-16 18:13:49 +00:00			`when: nginx_https_redirect`