add dl role
parent
0760ae4c2c
commit
0e6490bbd2
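--- a/roles/dl/defaults/main.yaml
+++ b/roles/dl/defaults/main.yaml
@@ -0,0 +1,8 @@
+---
+dl_server_name: dl.kill0.net
+dl_server_root: /var/www/dl
+dl_access_log: /var/log/nginx/dl.access.log
+dl_error_log: /var/log/nginx/dl.error.log
+dl_ssl_enabled: false
+dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
+dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"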
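--- a/roles/dl/handlers/main.yaml
+++ b/roles/dl/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+service:
+name: nginx
+state: reloaded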
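--- a/roles/dl/tasks/main.yaml
+++ b/roles/dl/tasks/main.yaml
@@ -0,0 +1,31 @@
+---
+- name: check if SSL key exists
+stat:
+path: "{{ dl_ssl_certificate_key }}"
+register: key_st
+
+- name: check if SSL certificate exists
+stat:
+path: "{{ dl_ssl_certificate }}"
+register: crt_st
+
+- name: ssl enabled
+set_fact:
+dl_ssl_enabled: true
+when:
+- key_st.stat.exists
+- crt_st.stat.exists
+
+- name: configure nginx
+template:
+src: nginx.conf.j2
+dest: "/etc/nginx/conf.d/dl.conf"
+owner: root
+group: root
+mode: 0644
+notify: reload nginx
+
+- name: create web root
+file:
+path: "{{ dl_server_root }}"
+state: directory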
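Review bot: The `create web root` task at the end of this file sets no `owner`, `group` or `mode`, so the permissions of `{{ dl_server_root }}` depend on the umask and on the user the play runs as; state them explicitly as the `configure nginx` task does, e.g. `owner: root`, `group: root`, `mode: "0755"`. In `configure nginx`, `mode: 0644` is an unquoted octal literal and is better written `mode: "0644"` so the value does not depend on how the YAML loader types it. The two `stat` tasks read under `/etc/letsencrypt/live`, which is normally readable by root only; if the play runs without `become` (not visible here), both would presumably report `exists: false` and the role would silently deploy the HTTP-only configuration, so a comment such as `# requires become: stat on the private key path` above them would help.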
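--- a/roles/dl/templates/nginx.conf.j2
+++ b/roles/dl/templates/nginx.conf.j2
@@ -0,0 +1,63 @@
+# {{ ansible_managed }}
+
+server {
+listen 80;
+{% if ansible_all_ipv6_addresses | length %}
+listen [::]:80;
+{% endif %}
+server_name {{ dl_server_name }};
+
+access_log {{ dl_access_log }} main;
+error_log {{ dl_error_log }} warn;
+
+location /.well-known/acme-challenge/ {
+root /var/www/html;
+try_files $uri =404;
+}
+
+{% if dl_ssl_enabled is defined and
+dl_ssl_enabled %}
+location / {
+return 301 https://$server_name$request_uri;
+}
+{% endif %}
+}
+
+{% if dl_ssl_enabled is defined and
+dl_ssl_enabled %}
+server {
+listen 443 ssl http2;
+{% if ansible_all_ipv6_addresses | length %}
+listen [::]:443 ssl http2;
+{% endif %}
+server_name {{ dl_server_name }};
+access_log {{ dl_access_log }} main;
+error_log {{ dl_error_log }} warn;
+
+root {{ dl_server_root }};
+
+{% if dl_ssl_certificate is defined %}
+ssl_certificate {{ dl_ssl_certificate }};
+{% endif %}
+{% if dl_ssl_certificate_key is defined %}
+ssl_certificate_key {{ dl_ssl_certificate_key }};
+{% endif %}
+{% if dl_ssl_dhparam is defined %}
+ssl_dhparam {{ dl_ssl_dhparam }};
+{% endif %}
+
+location ~ ^\/~(.+?)(\/.*)?$ {
+alias /home/$1/public_html$2;
+index index.html index.htm;
+autoindex on;
+auth_basic "Files";
+auth_basic_user_file /home/$1/.htpasswd;
+}
+
+location /repo/ {
+root /var/www/html;
+autoindex on;
+try_files $uri $uri/ =404;
+}
+}
+{% endif %}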
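Review bot: In the TLS server block, the per-user location `location ~ ^\/~(.+?)(\/.*)?$` captures the account name with `(.+?)`, which accepts any characters, and that capture is interpolated into both `alias /home/$1/public_html$2;` and `auth_basic_user_file /home/$1/.htpasswd;`. The capture is therefore not confined to a real account's home directory; restrict it to the account-name alphabet, e.g. `location ~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$ {`. Because this location serves with `autoindex on` from user-writable directories, consider adding `disable_symlinks if_not_owner;` there so a symlink inside `public_html` cannot expose files the user does not own. Separately, the `is defined` guards around `ssl_certificate` and `ssl_certificate_key` are always true given the role defaults shown on this page, so they add no protection beyond the `dl_ssl_enabled` check that already wraps the block.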