first commit

2024-09-17 00:47:41 +02:00 · 2024-09-17 00:47:41 +02:00 · 3bfbd3f7f9
commit 3bfbd3f7f9
10 changed files with 329 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,84 @@
+---
+# tasks file for nginx
+- name: Install nginx
+  ansible.builtin.apt:
+    name: nginx
+    state: present
+  notify: Start and enable nginx
+
+- name: Remove default from sites-enabled
+  ansible.builtin.file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: Comment ssl_protocols out in nginx.conf, is defined in security.conf
+  ansible.builtin.replace:
+    path: /etc/nginx/nginx.conf
+    regexp: '^(\s*ssl_protocols)'
+    replace: '#\1'
+
+- name: Second time, because of emptyline ¯\_(ツ)_/¯
+  ansible.builtin.replace:
+    path: /etc/nginx/nginx.conf
+    regexp: '^(\s*ssl_protocols)'
+    replace: '#\1'
+
+- name: Comment ssl_prefer_server_ciphers out in nginx.conf, is defined in security.conf
+  ansible.builtin.replace:
+    path: /etc/nginx/nginx.conf
+    regexp: '^(\s*ssl_prefer_server_ciphers)'
+    replace: '#\1'
+
+- name: Create security.conf
+  ansible.builtin.template:
+    src: templates/security.conf.j2
+    dest: /etc/nginx/conf.d/security.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Reload nginx
+
+- name: Create proxy_params
+  ansible.builtin.template:
+    src: templates/proxy_params.j2
+    dest: /etc/nginx/proxy_params
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Reload nginx
+
+- name: Create ws_params
+  ansible.builtin.template:
+    src: templates/ws_params.j2
+    dest: /etc/nginx/ws_params
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Reload nginx
+
+- name: Configure http redirect
+  ansible.builtin.template:
+    src: templates/http_redirect.conf.j2
+    dest: /etc/nginx/conf.d/http_redirect.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Reload nginx
+
+- name: Configure reverse proxies
+  ansible.builtin.template:
+    src: templates/reverse_proxy.conf.j2
+    dest: /etc/nginx/sites-available/{{ item.key }}.conf
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ reverse_proxies | dict2items }}"
+  notify: Reload nginx
+
+- name: Create a symbolic link
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/{{ item.key }}.conf
+    dest: /etc/nginx/sites-enabled/{{ item.key }}.conf
+    state: link
+  loop: "{{ reverse_proxies | dict2items }}"
+  notify: Reload nginx