crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[nginx] Load global and local nginx configuration 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
ynerant 2021-02-17 20:29:12 +01:00
parent ec262bd5c1
commit a9897ec3c0
4 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
group_vars/nginx.yml
View File

@ -1,5 +1,9 @@
--- ---
glob_nginx: glob_nginx:
ssl:
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
servers: servers:
server_name: server_name:
- "default" - "default"

12
plays/mailman.yml
View File

@ -8,20 +8,10 @@
default_url: "https://lists.crans.org/" default_url: "https://lists.crans.org/"
default_host: "lists.crans.org" default_host: "lists.crans.org"
default_language: "fr" default_language: "fr"
auth_basic: |
"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.";
custom_logo: "crans_icon_dark.svg"
custom_logo_name: "crans.svg"
custom_logo_url: "https://www.crans.org/"
custom_logo_alt: "CRANS"
spamassassin: "SpamAssassin_crans" spamassassin: "SpamAssassin_crans"
smtphost: "smtp.adm.crans.org" smtphost: "smtp.adm.crans.org"
mynetworks: ['138.231.0.0/16', '185.230.76.0/22', '2a0c:700:0::/40'] mynetworks: ['138.231.0.0/16', '185.230.76.0/22', '2a0c:700:0::/40']
nginx: nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
ssl:
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
roles: roles:
- mailman - mailman
- nginx - nginx

2
plays/mirror.yml
View File

@ -71,6 +71,8 @@
cron_time: "00 5" cron_time: "00 5"
rsync_host: cdimage.ubuntu.com rsync_host: cdimage.ubuntu.com
rsync_path: cdimage/ubuntu-mate/releases rsync_path: cdimage/ubuntu-mate/releases
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
roles: roles:
- ftpsync - ftpsync
- rsync-mirror - rsync-mirror

8
roles/nginx/tasks/main.yml
View File

@ -21,7 +21,7 @@
dest: /etc/letsencrypt/dhparam dest: /etc/letsencrypt/dhparam
- name: Copy reverse proxy sites - name: Copy reverse proxy sites
when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0 when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
template: template:
src: "nginx/sites-available/{{ item }}.j2" src: "nginx/sites-available/{{ item }}.j2"
dest: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-available/{{ item }}"
@ -32,7 +32,7 @@
notify: Reload nginx notify: Reload nginx
- name: Activate reverse proxy sites - name: Activate reverse proxy sites
when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0 when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
file: file:
src: "/etc/nginx/sites-available/{{ item }}" src: "/etc/nginx/sites-available/{{ item }}"
dest: "/etc/nginx/sites-enabled/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}"
@ -45,14 +45,14 @@
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: "{{ ansible_check_mode }}"
- name: Copy service nginx configuration - name: Copy service nginx configuration
when: nginx.servers|length > 0 when: nginx.servers is defined and nginx.servers|length > 0
template: template:
src: "nginx/sites-available/service.j2" src: "nginx/sites-available/service.j2"
dest: "/etc/nginx/sites-available/service" dest: "/etc/nginx/sites-available/service"
notify: Reload nginx notify: Reload nginx
- name: Activate local nginx service site - name: Activate local nginx service site
when: nginx.servers|length > 0 when: nginx.servers|bool
file: file:
src: "/etc/nginx/sites-available/service" src: "/etc/nginx/sites-available/service"
dest: "/etc/nginx/sites-enabled/service" dest: "/etc/nginx/sites-enabled/service"