radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[WIP] Lint

pull/40/head
Emilien Mantel 2019-04-26 09:52:07 +02:00
parent a03a656b18
commit 20d4b6829a
7 changed files with 48 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
meta/main.yml
View File

@ -26,4 +26,3 @@ galaxy_info:
- nginx
- cdn
dependencies: []

13
tasks/install_Debian.yml
View File

@ -11,17 +11,9 @@
cache_valid_time: 3600
changed_when: false
- name: APT | Force OpenSSL from backports (fix dependency break)
apt:
pkg: openssl
state: latest
default_release: "{{ ansible_distribution_release + '-backports' }}"
when: nginx_backports
- name: APT | Install nginx and dependencies
apt:
pkg: "{{ nginx_apt_package }}"
state: present
default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}"
- name: APT | Install nginx modules
@ -50,9 +42,10 @@
repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}'
update: no
version: master
- name: SHELL | Install acme.sh
shell: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
- name: COMMAND | Install acme.sh
command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
args:
chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}"

8
tasks/prepare.yml
View File

@ -9,7 +9,13 @@
check_mode: no
- name: SHELL | Get module list
shell: nginx -V 2>&1 | tr -- - '\n' | grep -A 1 with | grep _module | sed -r 's/_module//g; s/\s+//g' | sort
shell: |
nginx -V 2>&1 |
tr -- - '\n' |
grep -A 1 with |
grep _module |
sed -r 's/_module//g; s/\s+//g' |
sort
args:
executable: /bin/sh
register: shell_modules

2
tasks/site.yml
View File

@ -75,7 +75,7 @@
- name: FILE | Disable sites
file:
path: "{{ nginx_etc_dir}}/sites-enabled/{{ item | nginx_site_filename }}"
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: absent
loop: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd']

19
tasks/ssl/acme.yml
View File

@ -46,8 +46,13 @@
warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: SHELL | Get certificates
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
- name: COMMAND | Get certificates
command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %}
--nginx
{% if nginx_acmesh_test %}--test{% endif %}
args:
creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ acme_create }}"
@ -60,8 +65,14 @@
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
loop: "{{ acme_create }}"
- name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
- name: COMMAND | Install certificates
command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--install-cert -d {{ item | nginx_site_name }}
--fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt
--key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key
--reloadcmd "service nginx restart"
args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
loop: "{{ nginx_ssl_pairs }}"

9
tasks/ssl/standard.yml
View File

@ -57,10 +57,15 @@
no_log: not nginx_debug_role
- name: COMMAND | Create self-signed certificates
command: "openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' -keyout {{ item | nginx_site_name + '.key' }} -out {{ item | nginx_site_name + '.crt' }}"
command: |
openssl req
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
-subj '/CN={{ item | nginx_site_name }}'
-keyout {{ item | nginx_site_name + '.key' }}
-out {{ item | nginx_site_name + '.crt' }}
args:
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.self_signed is defined
notify: restart nginx

20
tests/test.yml
View File

@ -23,10 +23,20 @@
src: "file/test.key"
dest: "{{ int_ansible_ssl_dir }}/test.key"
- name: LINEINFILE | Add all hosts in /etc/hosts
lineinfile:
line: "127.0.0.1\tlocalhost {% for s in nginx_sites %}{% if s.name is string %}{{ s.name }}{% else %}{% for n in s.name %}{{ n }} {% endfor %}{% endif %} {% if s.redirect_from is defined %}{% for rf in s.redirect_from %}{{ rf }} {% endfor %}{% endif %}{% endfor %}"
regexp: '^127\.0\.0\.1'
- name: COPY | Add all hosts in /etc/hosts
copy:
content: |
127.0.0.1 localhost
{% for s in nginx_sites %}
{% if s.name is string %}
127.0.0.1 {{ s.name }}
{% else %}
127.0.0.1 {% for n in s.name %}{{ n }} {% endfor %}
{% endif %}
{% if s.redirect_from is defined %}
127.0.0.1 {% for rf in s.redirect_from %}{{ rf }} {% endfor %}
{% endif %}
{% endfor %}
dest: "/etc/hosts"
unsafe_writes: yes
@ -355,7 +365,7 @@
# --------------------------------
- name: -- VERIFY PHP SITES --
uri:
url: "http://{{ item.name}}/"
url: "http://{{ item.name }}/"
return_content: yes
register: p
loop: "{{ nginx_sites }}"