Fix Ansible Lint

Emilien Mantel
2021-09-01 11:58:39 +02:00
parent a2780d3d95
commit 8c6c4dc813
13 changed files with 113 additions and 111 deletions


@@ -1,7 +1,7 @@
---
- name: TEMPLATE | Deploy nginx.conf
template:
ansible.builtin.template:
src: "etc/nginx/nginx.conf.j2"
dest: "{{ nginx_etc_dir }}/nginx.conf"
mode: 0644
@@ -10,7 +10,7 @@
notify: reload nginx
- name: TEMPLATE | Deploy all helpers
template:
ansible.builtin.template:
src: "{{ item }}"
dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}"
mode: 0644
@@ -20,7 +20,7 @@
notify: reload nginx
- name: TEMPLATE | Deploy custom http configuration
template:
ansible.builtin.template:
src: "etc/nginx/conf.d/custom.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/custom.conf"
mode: 0644
@@ -29,7 +29,7 @@
notify: reload nginx
- name: LINEINFILE | Fix path
lineinfile:
ansible.builtin.lineinfile:
regexp: '{{ item.0.regexp }}'
line: '{{ item.0.line }}'
dest: '{{ item.1 }}'
@@ -45,7 +45,7 @@
when: nginx_fastcgi_fix_realpath
- name: COPY | Add modules manually
copy:
ansible.builtin.copy:
content: |
{% for m in nginx_load_modules %}
load_module {{ m }};
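Review bot: The three template tasks in this file ("Deploy nginx.conf", "Deploy all helpers", "Deploy custom http configuration") still write `mode: 0644` as a bare YAML number, which gives the intended permissions only because the loader reads the leading zero as octal. Quoting it as `mode: '0644'` hands the module a string and removes the dependence on YAML 1.1 number parsing. The same applies to the unquoted `mode: 0644` and `mode: 0755` values in the later file sections of this commit. The tasks continue outside the hunks, so only the lines shown here were checked.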


@@ -1,7 +1,7 @@
---
- name: FILE | Delete htpasswd file
file:
ansible.builtin.file:
path: "{{ nginx_htpasswd_dir }}/{{ item.name }}"
state: absent
loop: "{{ nginx_htpasswd }}"
@@ -9,7 +9,7 @@
no_log: "{{ not nginx_debug_role }}"
- name: HTPASSWD | Manage files
htpasswd:
ansible.builtin.htpasswd:
name: "{{ item.1.name }}"
password: "{{ item.1.password }}"
path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}"
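Review bot: `ansible.builtin.htpasswd:` in the task "HTPASSWD | Manage files" does not name an existing module. htpasswd ships in the community.general collection, not in ansible.builtin, so the task cannot be resolved at run time. The key should be `community.general.htpasswd:`, and the role should declare that collection among its requirements. This task writes the credentials that protect the sites, so a syntax-check or lint run in CI should catch it before it reaches a host. The rest of the task lies outside the hunk.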


@@ -1,51 +1,51 @@
---
- name: SET_FACT | Bypass https://github.com/ansible/ansible/issues/19874
set_fact:
ansible.builtin.set_fact:
ansible_distribution_release: 'buster'
when: ansible_facts.distribution_major_version == "buster/sid"
- name: APT | Update cache
apt:
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
changed_when: false
- name: APT | Install nginx and dependencies
apt:
ansible.builtin.apt:
pkg: "{{ nginx_apt_package }}"
default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}"
- name: APT | Install nginx modules
apt:
ansible.builtin.apt:
pkg: "{{ nginx_module_packages }}"
state: present
- name: APT | Install python-passlib
apt:
ansible.builtin.apt:
pkg: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}-passlib"
state: present
- name: STAT | Check acme.sh is installed
stat:
ansible.builtin.stat:
path: "{{ nginx_acmesh_dir }}"
register: acme
- block:
- name: APT | Install git
apt:
ansible.builtin.apt:
pkg: git
- name: GIT | Get acme.sh
git:
ansible.builtin.git:
repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}'
update: false
version: master
- name: COMMAND | Install acme.sh
command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
ansible.builtin.command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
args:
chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}"
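Review bot: "GIT | Get acme.sh" checks out `version: master` and the following task runs `./acme.sh --install` from that checkout, so whatever sits at the tip of the upstream branch at deploy time is executed on a host that will hold TLS private keys. Pinning to a reviewed release tag or commit makes the install reproducible and limits exposure to an upstream compromise, for example `version: '<reviewed tag or commit>'` supplied through a role variable. It is also worth confirming that the repository URL still matches the project's canonical location.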


@@ -16,20 +16,20 @@
- block:
- name: COMMAND | Create /usr/local/etc/fdfs/http.conf
command: touch /usr/local/etc/fdfs/http.conf
ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf
args:
creates: /usr/local/etc/fdfs/http.conf
register: fd1
- name: LINEINFILE | Tune fdfs
lineinfile:
ansible.builtin.lineinansible.builtin.file:
regexp: ^load_fdfs_parameters_from_tracker
line: load_fdfs_parameters_from_tracker=false
path: /usr/local/etc/fdfs/mod_fastdfs.conf
register: fd2
- name: SERVICE | Restart nginx when fdfs is tuned
service:
ansible.builtin.service:
name: nginx
state: restarted
when: fd1.changed or fd2.changed
@@ -37,7 +37,7 @@
when: true
- name: FILE | Create configuration dir (like Debian)
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/{{ item }}"
state: directory
mode: 0755
@@ -49,7 +49,7 @@
- sites-enabled
- name: FILE | Create log directory
file:
ansible.builtin.file:
path: "{{ nginx_log_dir }}"
owner: "{{ nginx_user }}"
group: wheel
@@ -57,6 +57,6 @@
state: directory
- name: SERVICE | Enable nginx
service:
ansible.builtin.service:
name: nginx
enabled: true
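Review bot: The module key in "LINEINFILE | Tune fdfs" became `ansible.builtin.lineinansible.builtin.file:`, which looks like the `file:` replacement being applied inside `lineinfile:`. No such module exists, so the task fails and `fd2`, which the following restart condition `fd1.changed or fd2.changed` reads, is never registered. The key should be `ansible.builtin.lineinfile:`. A syntax-check or lint run over this file in CI would have flagged it.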


@@ -1,30 +1,30 @@
---
- name: INCLUDE_VARS | Related to OS
include_vars: "{{ ansible_distribution }}.yml"
ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
tags: ['nginx::site', 'nginx::ssl']
- name: INCLUDE_TASKS | Install
include_tasks: "install_{{ ansible_distribution }}.yml"
ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
tags: ['nginx::site', 'nginx::ssl']
- name: IMPORT_TASKS| Prepare
import_tasks: prepare.yml
ansible.builtin.import_tasks: prepare.yml
tags: ['nginx::site', 'nginx::ssl']
- name: IMPORT_TASKS| Install
import_tasks: config.yml
ansible.builtin.import_tasks: config.yml
- name: IMPORT_TASKS| Upstream configuration
import_tasks: upstream.yml
ansible.builtin.import_tasks: upstream.yml
- name: IMPORT_TASKS| htpasswd configuration
import_tasks: htpasswd.yml
ansible.builtin.import_tasks: htpasswd.yml
- name: IMPORT_TASKS| SSL configuration
import_tasks: ssl/main.yml
ansible.builtin.import_tasks: ssl/main.yml
tags: ['nginx::ssl']
- name: IMPORT_TASKS| Sites configuration
import_tasks: site.yml
ansible.builtin.import_tasks: site.yml
tags: ['nginx::site']


@@ -1,7 +1,7 @@
---
- name: SHELL | Get Nginx version
shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
ansible.builtin.shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
args:
executable: /bin/sh
register: nginx_version
@@ -11,7 +11,7 @@
- skip_ansible_lint
- name: SHELL | Get module list
shell: |
ansible.builtin.shell: |
nginx -V 2>&1 |
tr -- - '\n' |
grep -A 1 with |
@@ -27,11 +27,11 @@
- skip_ansible_lint
- name: SET_FACT | Save modules
set_fact:
ansible.builtin.set_fact:
nginx_modules: "{{ shell_modules.stdout_lines }}"
- name: FILE | Create folders
file:
ansible.builtin.file:
dest: "{{ item.dir }}"
owner: "{{ item.owner }}"
mode: "{{ item.mode }}"
@@ -39,7 +39,7 @@
loop: "{{ nginx_dirs }}"
- name: FILE | Create ansible facts dir
file:
ansible.builtin.file:
path: /etc/ansible/facts.d
state: directory
mode: 0755
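Review bot: Both shell tasks ("Get Nginx version", "Get module list") pipe nginx output through further filters, so the task's return code is that of the last command in the pipeline. A missing or failing nginx binary therefore registers whatever text survives the filters instead of failing the play. Both also keep the `skip_ansible_lint` tag, so the lint this commit addresses never reports on them. Validating the registered value would make the failure visible, e.g. `failed_when: nginx_version.stdout is not match('[0-9]+\.[0-9]+')`, unless an equivalent condition already exists in the lines outside the hunk.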


@@ -1,7 +1,7 @@
---
- name: FAIL | Check filenames
fail:
ansible.builtin.fail:
msg: "Forbidden keyword default on site {{ item | nginx_site_name }}"
when: item.filename is defined and item.filename == 'default'
loop: "{{ nginx_sites }}"
@@ -9,7 +9,7 @@
label: "{{ item | nginx_site_name }}"
- name: FAIL | Check HTTPS redir and proto
fail:
ansible.builtin.fail:
msg: "You can't have HTTP proto and HTTPS redirection at the same time"
when:
((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
@@ -19,7 +19,7 @@
label: "{{ item | nginx_site_name }}"
- name: FILE | Create root directory
file:
ansible.builtin.file:
path: "{{ nginx_root }}"
state: directory
mode: 0755
@@ -27,7 +27,7 @@
group: root
- name: FILE | Create root public folders (foreach nginx_sites)
file:
ansible.builtin.file:
path: "{{ nginx_root }}/{{ item | nginx_site_filename }}/public"
state: directory
owner: "{{ item.owner | default(nginx_user) }}"
@@ -43,7 +43,7 @@
label: "{{ item | nginx_site_name }}"
- name: TEMPLATE | Create sites
template:
ansible.builtin.template:
src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2"
dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
mode: 0644
@@ -56,7 +56,7 @@
label: "{{ item | nginx_site_name }}"
- name: FILE | Delete sites
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
state: absent
loop: "{{ nginx_sites | product(dirs) | list }}"
@@ -68,7 +68,7 @@
label: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
- name: FILE | Enable sites
file:
ansible.builtin.file:
src: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: link
@@ -80,7 +80,7 @@
label: "{{ item | nginx_site_name }}"
- name: FILE | Disable sites
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: absent
loop: "{{ nginx_sites }}"
@@ -90,14 +90,14 @@
label: "{{ item | nginx_site_name }}"
- name: FILE | Delete default site when explicitely defined
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/sites-enabled/default"
state: absent
notify: ['reload nginx', 'restart nginx freebsd']
when: nginx_default_site is not none
- name: FILE | Auto set default site
file:
ansible.builtin.file:
src: "{{ nginx_etc_dir }}/sites-available/default"
dest: "{{ nginx_etc_dir }}/sites-enabled/default"
state: link
@@ -105,7 +105,7 @@
when: nginx_default_site is none
- name: TEMPLATE | Deploy facts
template:
ansible.builtin.template:
src: etc/ansible/facts.d/nginx.fact.j2
dest: /etc/ansible/facts.d/nginx.fact
mode: 0644


@@ -1,18 +1,18 @@
---
- name: SET_FACT | Assign default...
set_fact:
ansible.builtin.set_fact:
acme_create: []
- name: STAT | Check if certificates are already installed
stat:
ansible.builtin.stat:
path: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme
register: acme_installed_certs
- name: SET_FACT | Assign var with certificates to create
set_fact:
ansible.builtin.set_fact:
acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
loop: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0)
@@ -21,7 +21,7 @@
block:
- name: TEMPLATE | Create fake site
template:
ansible.builtin.template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
mode: 0644
@@ -31,26 +31,26 @@
register: fake_site
- name: FILE | Delete current site if needed
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent
loop: "{{ acme_create }}"
when: fake_site.changed
- name: SERVICE | Restart nginx
service:
ansible.builtin.service:
name: nginx
state: restarted
when: fake_site.changed and ansible_virtualization_type != 'docker'
- name: COMMAND | Restart nginx
command: service nginx restart
ansible.builtin.command: service nginx restart
args:
warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: COMMAND | Get certificates
command: |
ansible.builtin.command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %}
@@ -64,12 +64,12 @@
no_log: "{{ not nginx_debug_role }}"
- name: FILE | Create SSL dir per site
file:
ansible.builtin.file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
loop: "{{ acme_create }}"
- name: COMMAND | Install certificates
command: |
ansible.builtin.command: |
{{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }}
--install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }}
@@ -85,17 +85,17 @@
rescue:
- name: FAIL | Explicit
fail:
ansible.builtin.fail:
msg: "Something is bad... Auto crash!"
always:
- name: FILE | Delete fake sites
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent
loop: "{{ acme_create }}"
notify: restart nginx
- name: META | Flush handlers
meta: flush_handlers
ansible.builtin.meta: flush_handlers
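Review bot: "COMMAND | Restart nginx" still passes `warn: false` under `args:`. That parameter of the command module was deprecated and is rejected by ansible-core 2.14 and later, so the docker branch of the certificate flow would fail there. Removing the `args:` and `warn: false` lines from that task avoids this; on older releases the only effect is a warning message suggesting the service module.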


@@ -3,26 +3,26 @@
- block:
- name: STAT | Get info about DH file
stat:
ansible.builtin.stat:
path: "{{ nginx_dh_path }}"
get_checksum: false
register: stat_dh_file
- name: SHELL | Get info about DH file
shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
changed_when: false
register: dh_info
when: stat_dh_file.stat.exists
- name: COMMAND | Generate DH file
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
notify: restart nginx
when: nginx_dh is not string
- name: COPY | Deploy DH file from vars
copy:
ansible.builtin.copy:
content: "{{ nginx_dh }}"
dest: "{{ nginx_dh_path }}"
owner: root
@@ -32,7 +32,7 @@
notify: restart nginx
- name: FILE | Create SSL directories
file:
ansible.builtin.file:
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
state: directory
owner: root
@@ -43,7 +43,7 @@
no_log: "{{ not nginx_debug_role }}"
- name: COPY | Deploy SSL keys
copy:
ansible.builtin.copy:
content: "{{ item.key }}"
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
owner: root
@@ -55,7 +55,7 @@
no_log: "{{ not nginx_debug_role }}"
- name: COPY | Deploy SSL certs
copy:
ansible.builtin.copy:
content: "{{ item.cert }}"
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
owner: root
@@ -67,7 +67,7 @@
no_log: "{{ not nginx_debug_role }}"
- name: COMMAND | Create self-signed certificates
command: |
ansible.builtin.command: |
openssl req
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
-subj '/CN={{ item | nginx_site_name }}'
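Review bot: In "SHELL | Get info about DH file" the value of `nginx_dh_path` is interpolated into a shell command line without quoting, so a path containing spaces or shell metacharacters changes what the shell executes. Pass it through the quote filter: `openssl dhparam -in {{ nginx_dh_path | quote }} -text -noout 2>&1 | awk ...`. The `command` tasks in this section are not run through a shell, so metacharacters are not interpreted there, though an unquoted path with spaces would still be split into several arguments.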


@@ -1,7 +1,7 @@
---
- name: TEMPLATE | Deploy PHP upstream to Nginx
template:
ansible.builtin.template:
src: "etc/nginx/conf.d/php.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/php.conf"
mode: 0644
@@ -10,7 +10,7 @@
notify: reload nginx
- name: TEMPLATE | Deploy other upstreams
template:
ansible.builtin.template:
src: "etc/nginx/conf.d/_upstream.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
mode: 0644
@@ -21,7 +21,7 @@
notify: reload nginx
- name: FILE | Delete other upstreams
file:
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
state: absent
loop: "{{ nginx_upstreams }}"