infrastructure/ansible/roles/nginx/tasks/main.yml
Jake Howard 026d8db13e
All checks were successful
/ terraform (push) Successful in 37s
/ ansible (push) Successful in 1m50s
Be root when generating dhparams
This is needed to write to the destination
2023-12-24 19:44:30 +00:00

71 lines
1.5 KiB
YAML

- name: Install nginx
import_role:
name: nginxinc.nginx
when: ansible_os_family != 'Archlinux'
become: true
- name: Install nginx (mainline) on Arch
package:
name: nginx-mainline
when: ansible_os_family == 'Archlinux'
become: true
- name: Install nginx modules
package:
name: "{{ item }}"
loop:
- libnginx-mod-http-headers-more-filter
- libnginx-mod-http-brotli-filter
when: ansible_os_family != 'Archlinux'
become: true
- name: Install nginx modules (on Arch)
kewlfft.aur.aur:
name: "{{ item }}"
loop:
- nginx-mainline-mod-headers-more
- nginx-mainline-mod-brotli
when: ansible_os_family == 'Archlinux'
become: true
- name: Generate Diffie-Hellman parameters
community.crypto.openssl_dhparam:
path: /etc/nginx/dhparams.pem
become: true
- name: Create config directories
file:
path: /etc/nginx/{{ item }}
state: directory
mode: "0755"
loop:
- http.d
- stream.d
- includes
become: true
- name: Copy config files
template:
src: "{{ item }}"
dest: /etc/nginx/includes/{{ item | basename }}
mode: "0644"
with_fileglob: files/includes/*.conf
become: true
notify: reload nginx
- name: Install config
template:
src: files/nginx.conf
dest: /etc/nginx/nginx.conf
mode: "0644"
become: true
notify: reload nginx
- name: Install HTTPS redirect
template:
src: files/nginx-https-redirect.conf
dest: /etc/nginx/http.d/https-redirect.conf
mode: "0644"
become: true
notify: reload nginx
when: nginx_https_redirect