main.yml (1541B)
1 --- 2 # Webserver role 3 4 - name: Install Nginx 5 apt: 6 name: nginx 7 state: present 8 update_cache: true 9 when: ansible_os_family == 'Debian' 10 11 - name: Install certbot base package 12 apt: 13 name: certbot 14 state: present 15 update_cache: true 16 when: ansible_os_family == 'Debian' 17 18 - name: Install certbot nginx plugin 19 apt: 20 name: python3-certbot-nginx 21 state: present 22 update_cache: true 23 when: ansible_os_family == 'Debian' 24 25 - name: Remove default nginx configuration 26 file: 27 path: /etc/nginx/sites-enabled/default 28 state: absent 29 30 - name: Setup extended log format 31 copy: 32 src: etc/nginx/conf.d/log-format-apm.conf 33 dest: /etc/nginx/conf.d/log-format-apm.conf 34 owner: root 35 group: root 36 mode: "0644" 37 38 - name: Check nginx config 39 ansible.builtin.command: nginx -c /etc/nginx/nginx.conf -t 40 register: result 41 ignore_errors: true 42 43 - name: Clear all sites if nginx is misconfigured 44 when: result is failed 45 block: 46 - name: Locate enabled sites 47 find: 48 path: "/etc/nginx/sites-enabled" 49 file_type: "link" 50 register: cleanup 51 ignore_errors: true 52 - name: Delete enabled sites 53 file: 54 path: "{{ item.path }}" 55 state: absent 56 with_items: "{{ cleanup.files }}" 57 ignore_errors: true 58 - name: Fail with message 59 fail: 60 msg: Clearing all enabled sites, as nginx config is broken. 61 ignore_errors: true 62 63 - name: Ensure Nginx service is enabled and started 64 service: 65 name: nginx 66 state: started 67 enabled: true