add dl role
parent
0760ae4c2c
commit
0e6490bbd2
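--- a/roles/dl/defaults/main.yaml
+++ b/roles/dl/defaults/main.yaml
@@ -0,0 +1,8 @@
+---
+dl_server_name: dl.kill0.net
+dl_server_root: /var/www/dl
+dl_access_log: /var/log/nginx/dl.access.log
+dl_error_log: /var/log/nginx/dl.error.log
+dl_ssl_enabled: false
+dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
+dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"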
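Review bot: `dl_ssl_enabled: false` does not work as an operator switch, because roles/dl/tasks/main.yaml runs `set_fact` with `dl_ssl_enabled: true` whenever both certificate files exist, and a set_fact outranks role defaults and inventory variables. An operator who sets it to false to keep TLS off is silently overridden. The opposite case is also unguarded: setting it to true without the files present makes the template emit a 443 server that points at missing paths. I would either add a comment here, `# overridden to true by tasks/main.yaml when the certificate and key both exist`, or have the tasks compute a separately named fact (for example `dl_ssl_active`) and leave this variable as pure input.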
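--- a/roles/dl/handlers/main.yaml
+++ b/roles/dl/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+service:
+name: nginx
+state: reloaded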
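--- a/roles/dl/tasks/main.yaml
+++ b/roles/dl/tasks/main.yaml
@@ -0,0 +1,31 @@
+---
+- name: check if SSL key exists
+stat:
+path: "{{ dl_ssl_certificate_key }}"
+register: key_st
+
+- name: check if SSL certificate exists
+stat:
+path: "{{ dl_ssl_certificate }}"
+register: crt_st
+
+- name: ssl enabled
+set_fact:
+dl_ssl_enabled: true
+when:
+- key_st.stat.exists
+- crt_st.stat.exists
+
+- name: configure nginx
+template:
+src: nginx.conf.j2
+dest: "/etc/nginx/conf.d/dl.conf"
+owner: root
+group: root
+mode: 0644
+notify: reload nginx
+
+- name: create web root
+file:
+path: "{{ dl_server_root }}"
+state: directory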
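Review bot: The `create web root` task at the end of the file sets no `owner`, `group` or `mode`, so the directory nginx serves as `dl_server_root` gets default ownership and a umask-derived mode. Pin them the way the `configure nginx` task does, e.g. `owner: root`, `group: root`, `mode: "0755"`. In `configure nginx`, `mode: 0644` is unquoted and depends on the YAML loader reading it as octal; `mode: "0644"` is unambiguous. The two `stat` tasks only test that the key and certificate paths exist, not that the files form a matching, unexpired pair, so a stale file is enough to switch the vhost to TLS.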
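--- a/roles/dl/templates/nginx.conf.j2
+++ b/roles/dl/templates/nginx.conf.j2
@@ -0,0 +1,63 @@
+# {{ ansible_managed }}
+
+server {
+listen 80;
+{% if ansible_all_ipv6_addresses | length %}
+listen [::]:80;
+{% endif %}
+server_name {{ dl_server_name }};
+
+access_log {{ dl_access_log }} main;
+error_log {{ dl_error_log }} warn;
+
+location /.well-known/acme-challenge/ {
+root /var/www/html;
+try_files $uri =404;
+}
+
+{% if dl_ssl_enabled is defined and
+dl_ssl_enabled %}
+location / {
+return 301 https://$server_name$request_uri;
+}
+{% endif %}
+}
+
+{% if dl_ssl_enabled is defined and
+dl_ssl_enabled %}
+server {
+listen 443 ssl http2;
+{% if ansible_all_ipv6_addresses | length %}
+listen [::]:443 ssl http2;
+{% endif %}
+server_name {{ dl_server_name }};
+access_log {{ dl_access_log }} main;
+error_log {{ dl_error_log }} warn;
+
+root {{ dl_server_root }};
+
+{% if dl_ssl_certificate is defined %}
+ssl_certificate {{ dl_ssl_certificate }};
+{% endif %}
+{% if dl_ssl_certificate_key is defined %}
+ssl_certificate_key {{ dl_ssl_certificate_key }};
+{% endif %}
+{% if dl_ssl_dhparam is defined %}
+ssl_dhparam {{ dl_ssl_dhparam }};
+{% endif %}
+
+location ~ ^\/~(.+?)(\/.*)?$ {
+alias /home/$1/public_html$2;
+index index.html index.htm;
+autoindex on;
+auth_basic "Files";
+auth_basic_user_file /home/$1/.htpasswd;
+}
+
+location /repo/ {
+root /var/www/html;
+autoindex on;
+try_files $uri $uri/ =404;
+}
+}
+{% endif %}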
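Review bot: In the `location ~ ^\/~(.+?)(\/.*)?$` block the first capture accepts any characters, yet it is interpolated into both `alias /home/$1/public_html$2;` and `auth_basic_user_file /home/$1/.htpasswd;`, so the filesystem paths nginx opens are not limited to real account names. Restrict the capture to a username character class, for example `location ~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$ {`, so any other request fails to match this block. Two smaller points: `/repo/` has `autoindex on` with no `auth_basic`, which deserves a comment if public listing is intended. The 443 server also sets no `ssl_protocols` or `ssl_ciphers`, so it presumably inherits whatever the global nginx.conf provides, which is not visible here.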