diff --git a/playbooks/configure-webproxy.yml b/playbooks/configure-webproxy.yml index 7f53043..0385821 100644 --- a/playbooks/configure-webproxy.yml +++ b/playbooks/configure-webproxy.yml @@ -1,37 +1,28 @@ --- -# TBW +- import_playbook: initialize.yml -# - name: Install Nginx -# hosts: jupiter -# handlers: -# - name: restart_nginx -# become: true -# systemd: -# name: nginx -# state: restarted -# tasks: -# - name: Install nginx and certbot -# become: true -# dnf: -# name: -# - nginx -# - certbot -# - python3-certbot-nginx -# state: present -# -# - name: Enable and start nginx -# become: true -# systemd: -# name: nginx -# state: started -# enabled: true -# -# - name: Install configuration -# become: true -# copy: -# src: nginx.conf -# dest: /etc/nginx/nginx.conf -# notify: -# - restart_nginx -# -# # sudo setsebool -P httpd_can_network_connect on + +- name: Install Nginx + hosts: jupiter + handlers: + - name: restart-nginx + import_tasks: tasks/nginx/services.yml + tasks: + - import_tasks: tasks/nginx/install.yml + + - name: Install configuration + become: true + copy: + src: nginx.conf + dest: /etc/nginx/nginx.conf + notify: + - restart-nginx + + - name: Set required SELinux options + become: true + seboolean: + name: httpd_can_network_connect + persistent: true + state: true + notify: + - restart-nginx diff --git a/playbooks/initialize.yml b/playbooks/initialize.yml index 041456d..3ee67b4 100644 --- a/playbooks/initialize.yml +++ b/playbooks/initialize.yml @@ -1,7 +1,6 @@ --- - name: Bootstrap remote ansible environment hosts: all - tags: - always vars: 
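Review bot: The `notify: restart-nginx` entries in this play will most likely not resolve, because the `restart-nginx` handler is an `import_tasks`. A static import used as a handler is replaced before execution by the tasks of the imported file, and the only task in tasks/nginx/services.yml is named `Restart nginx`. Either notify `Restart nginx`, or rename that task to `restart-nginx` (or give it `listen: restart-nginx`); the same applies to the two `notify` entries in tasks/nginx/install.yml. Separately, `httpd_can_network_connect` allows every process in the httpd SELinux domain to open outbound connections to any port, so the task should say why it is needed, e.g. `# required for proxying to <upstream>; httpd_can_network_relay or port labelling may be enough`. The `copy` task also sets no `owner`/`mode` and no `validate`, so a broken nginx.conf is only noticed when the restart fails.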
@@ -39,16 +38,6 @@ cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages" creates: "{{ omni_ansible_venv }}/bin/python" - # - name: Assign ownership of the virtualenv to ansible - # become: true - # file: - # path: "{{ omni_ansible_venv }}" - # state: directory - # owner: "{{ ansible_user }}" - # group: "{{ ansible_user }}" - # mode: 0755 - # follow: false - - name: Generate remote requirements file locally delegate_to: 127.0.0.1 command: diff --git a/resources/nginx.conf b/resources/nginx.conf new file mode 100644 index 0000000..0da4137 --- /dev/null +++ b/resources/nginx.conf @@ -0,0 +1,37 @@ +# Ansible managed file +# DO NOT MANUALLY EDIT +# +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + +} +# +# EOF diff --git a/tasks/networkd/install.yml b/tasks/networkd/install.yml index cfadff0..ac60205 100644 --- a/tasks/networkd/install.yml +++ b/tasks/networkd/install.yml @@ -17,7 +17,7 @@ - name: Install systemd-networkd on Fedora - when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8" + when: ansible_distribution == "Fedora" become: true dnf: state: "{{ _runtime_update_state }}" 
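Review bot: The `http` block in the new resources/nginx.conf sets no `server_tokens off;`, so nginx reports its exact version in the `Server` header and on error pages for every virtual host loaded from `/etc/nginx/conf.d/*.conf`. I would add `server_tokens off;` next to `keepalive_timeout 65;`. The `main` log format records `$remote_addr` twice and appends `$http_x_forwarded_for`, which is a client-supplied header. A comment above `log_format` such as `# X-Forwarded-For is client-controlled; never treat it as the source address` would keep later log analysis and alerting from trusting that field.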
diff --git a/tasks/nginx/install.yml b/tasks/nginx/install.yml
new file mode 100644
index 0000000..168ce0b
--- /dev/null
+++ b/tasks/nginx/install.yml
@@ -0,0 +1,36 @@
+---
+- name: Install Nginx and CertBot on CentOS 8 and Fedora
+ when: >-
+ (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+ or
+ ansible_distribution == "Fedora"
+ become: true
+ dnf:
+ state: "{{ _runtime_update_state }}"
+ name:
+ - nginx
+ - certbot
+ - python3-certbot-nginx
+ notify:
+ - restart-nginx
+
+- name: Install Nginx and CertBot on CentOS 7
+ when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+ become: true
+ yum:
+ state: "{{ _runtime_update_state }}"
+ name:
+ - nginx
+ - certbot
+ - python-certbot-nginx
+ notify:
+ - restart-nginx
+
+#
+# - name: Install configuration
+# become: true
+# copy:
+# src: nginx.conf
+# dest: /etc/nginx/nginx.conf
+# notify:
+# - restart_nginx
diff --git a/tasks/nginx/services.yml b/tasks/nginx/services.yml
new file mode 100644
index 0000000..49ac7ad
--- /dev/null
+++ b/tasks/nginx/services.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart nginx
+ become: true
+ systemd:
+ name: nginx
+ state: restarted
+ enabled: true
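Review bot: Both install tasks take `state` from `_runtime_update_state`, which is not defined anywhere in this diff, so the file cannot be read or reused on its own. A header comment such as `# requires _runtime_update_state (present|latest), set by <defining playbook>` would document the dependency. If the variable can resolve to `latest`, each run may upgrade nginx and certbot unattended and then notify a restart, which is worth stating explicitly. Hosts that match neither `when` condition skip both tasks silently while the play in playbooks/configure-webproxy.yml still copies nginx.conf, so an explicit failure for unsupported distributions would be clearer. The commented-out `Install configuration` block at the end duplicates the live task in the playbook and still uses the old `restart_nginx` handler name; I would drop it.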
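Review bot: nginx is enabled and started only when this handler fires, because `state: restarted` with `enabled: true` lives in the handler file and the play has no regular task that ensures the service is running. The commented draft that this commit removes had an `Enable and start nginx` task for that purpose. On a host where the packages are already installed and both nginx.conf and the SELinux boolean are unchanged, nothing is notified, so a stopped or disabled nginx stays that way. I would add a regular `systemd` task with `state: started` and `enabled: true` to the play's tasks and keep only `state: restarted` here.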