ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

use upstream nginx package

Browse Source
This commit is contained in:
Ryan Cavicchioni 2020-09-20 22:44:45 -05:00
parent 66312d4a90
commit dadbca219e
Signed by: ryanc
GPG Key ID: 877EEDAF9245103D
7 changed files with 105 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
roles/gitea/tasks/nginx.yaml
View File

@ -1,17 +1,8 @@
- name: configure nginx - name: configure nginx
template: template:
src: nginx.conf.j2 src: nginx.conf.j2
dest: /etc/nginx/sites-available/gitea dest: "{{ nginx_conf_d_path }}/gitea.conf"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload nginx notify: reload nginx
- name: activate site
file:
src: /etc/nginx/sites-available/gitea
dest: /etc/nginx/sites-enabled/gitea
owner: root
group: root
state: link
notify: reload nginx

11
roles/grafana/tasks/nginx.yaml
View File

@ -1,17 +1,8 @@
- name: configure nginx - name: configure nginx
template: template:
src: nginx.conf.j2 src: nginx.conf.j2
dest: /etc/nginx/sites-available/grafana dest: "{{ nginx_conf_d_path }}/grafana.conf"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload nginx notify: reload nginx
- name: activate site
file:
src: /etc/nginx/sites-available/grafana
dest: /etc/nginx/sites-enabled/grafana
owner: root
group: root
state: link
notify: reload nginx

17
roles/nginx/defaults/main.yaml
View File

@ -6,6 +6,21 @@ nginx_service_name: nginx
nginx_service_state: started nginx_service_state: started
nginx_service_enabled: yes nginx_service_enabled: yes
nginx_etc_path: /etc/nginx
nginx_conf_d_path: "{{ nginx_etc_path }}/conf.d"
nginx_mime_types_path: "{{ nginx_etc_path }}/mime.types"
nginx_user: nginx
nginx_worker_processes: auto
nginx_error_log: /var/log/nginx/error.log warn
nginx_access_log: /var/log/nginx/access.log main
nginx_pid: /var/run/nginx.pid
nginx_worker_connections: 1024
nginx_default_type: application/octet-stream
nginx_sendfile: "on"
nginx_keepalive_timeout: 65
nginx_gzip: "on"
nginx_root: /var/www/html nginx_root: /var/www/html
nginx_index: nginx_index:
- index.html - index.html
@ -14,3 +29,5 @@ nginx_index:
nginx_acme_challenge_enabled: yes nginx_acme_challenge_enabled: yes
nginx_acme_challenge_path: /var/www/.acme-challenge nginx_acme_challenge_path: /var/www/.acme-challenge
nginx_conf_d: {}

12
roles/nginx/tasks/Debian.yaml Normal file
View File

@ -0,0 +1,12 @@
---
- name: install nginx apt key
apt_key:
keyserver: keyserver.ubuntu.com
id: "{{ nginx_repo_key_id }}"
- name: install nginx apt repo
apt_repository:
repo: "deb http://nginx.org/packages/mainline/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx"
update_cache: yes
filename: nginx
state: "{{ nginx_repo_state }}"

30
roles/nginx/tasks/main.yml
View File

@ -1,4 +1,28 @@
--- ---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: install passlib - name: install passlib
package: package:
name: "{{ item }}" name: "{{ item }}"
@ -12,10 +36,10 @@
name: "{{ nginx_package_name }}" name: "{{ nginx_package_name }}"
state: "{{ nginx_package_state }}" state: "{{ nginx_package_state }}"
- name: configure default virtual host - name: configure nginx
template: template:
src: default.j2 src: nginx.conf.j2
dest: /etc/nginx/sites-available/default dest: "{{ nginx_etc_path }}/nginx.conf"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644

43
roles/nginx/templates/nginx.conf.j2 Normal file
View File

@ -0,0 +1,43 @@
# {{ ansible_managed }}
user {{ nginx_user }};
worker_processes {{ nginx_worker_processes }};
error_log {{ nginx_error_log }};
pid {{ nginx_pid }};
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include {{ nginx_mime_types_path }};
default_type {{ nginx_default_type }};
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }};
sendfile {{ nginx_sendfile }};
#tcp_nopush on;
keepalive_timeout {{ nginx_keepalive_timeout }};
gzip {{ nginx_gzip }};
geo $bad_actors {
default 0;
}
map $bad_actors $limit_key {
0 "";
1 $binary_remote_addr;
}
limit_req_zone $limit_key zone=req_bad_actors:10m rate=5r/s;
include {{ nginx_conf_d_path }}/*.conf;
}

4
roles/nginx/vars/Debian.yaml Normal file
View File

@ -0,0 +1,4 @@
---
nginx_repo_url: "http://nginx.org/packages/mainline/{{ ansible_distribution }} {{ ansible_distribution_release }} nginx"
nginx_repo_state: present
nginx_repo_key_id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62