46 lines
1.2 KiB
YAML
46 lines
1.2 KiB
YAML
---
|
|
- name: Install nginx
|
|
ansible.builtin.apt:
|
|
name: nginx
|
|
# Debian-ism to prevent auto-start of nginx on installation as
|
|
# we still need to do some configuration.
|
|
policy_rc_d: 101
|
|
|
|
- name: Install passlib (for htpasswd)
|
|
ansible.builtin.apt:
|
|
name: python3-passlib
|
|
|
|
- name: Create password file for HTTP basic authentication
|
|
community.general.htpasswd:
|
|
path: /etc/nginx/passwdfile
|
|
name: admin
|
|
password: "{{ nginx_htpasswd }}"
|
|
owner: root
|
|
group: www-data
|
|
mode: "0640"
|
|
|
|
- name: Check if the passwdfile exists
|
|
ansible.builtin.stat:
|
|
path: /etc/nginx/passwdfile
|
|
register: htpasswdfile
|
|
|
|
- name: Iterate over configured nginx sites (proxy pass)
|
|
ansible.builtin.include_tasks: proxy-pass.yml
|
|
loop: "{{ nginx_proxy_pass }}"
|
|
vars:
|
|
site_name: "{{ item['name'] }}"
|
|
site_port: "{{ item['port'] }}"
|
|
site_cert: "{{ item['cert'] }}"
|
|
|
|
- name: Iterate over configured nginx sites (grpc pass)
|
|
ansible.builtin.include_tasks: grpc-pass.yml
|
|
loop: "{{ nginx_grpc_pass }}"
|
|
vars:
|
|
site_name: "{{ item['name'] }}"
|
|
site_port: "{{ item['port'] }}"
|
|
site_cert: "{{ item['cert'] }}"
|
|
|
|
- name: Disable default nginx site
|
|
ansible.builtin.file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|