Fix Ansible Lint

debian_11
Emilien Mantel 2021-09-01 11:45:44 +02:00
parent 6c7e0c2a47
commit a2780d3d95
11 changed files with 79 additions and 6 deletions


@ -2,6 +2,8 @@
galaxy_info: galaxy_info:
author: Emilien Mantel author: Emilien Mantel
namespace: hanxhx
role_name: nginx
description: Nginx for Debian / FreeBSD description: Nginx for Debian / FreeBSD
company: company:
license: GPLv2 license: GPLv2


@ -4,12 +4,18 @@
template: template:
src: "etc/nginx/nginx.conf.j2" src: "etc/nginx/nginx.conf.j2"
dest: "{{ nginx_etc_dir }}/nginx.conf" dest: "{{ nginx_etc_dir }}/nginx.conf"
mode: 0644
owner: root
group: root
notify: reload nginx notify: reload nginx
- name: TEMPLATE | Deploy all helpers - name: TEMPLATE | Deploy all helpers
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}" dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}"
mode: 0644
owner: root
group: root
with_fileglob: '../templates/etc/nginx/helper/*.j2' with_fileglob: '../templates/etc/nginx/helper/*.j2'
notify: reload nginx notify: reload nginx
@ -17,6 +23,9 @@
template: template:
src: "etc/nginx/conf.d/custom.conf.j2" src: "etc/nginx/conf.d/custom.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/custom.conf" dest: "{{ nginx_etc_dir }}/conf.d/custom.conf"
mode: 0644
owner: root
group: root
notify: reload nginx notify: reload nginx
- name: LINEINFILE | Fix path - name: LINEINFILE | Fix path
@ -42,4 +51,7 @@
load_module {{ m }}; load_module {{ m }};
{% endfor %} {% endfor %}
dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf" dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf"
mode: 0644
owner: root
group: root
notify: reload nginx notify: reload nginx
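Review bot: The added `group: root` will not resolve on FreeBSD, where gid 0 is named `wheel`, yet the role metadata in this same commit describes the role as "Nginx for Debian / FreeBSD"; if these template tasks run on a FreeBSD host they would fail at the ownership step. The same `owner`/`group` lines are added in the other task files of this commit, so a single role-level variable for the root group, or the numeric form `group: "0"`, would cover all of them. Separately, the modes are written bare as `mode: 0644`, which relies on the YAML 1.1 octal reading; `mode: "0644"` is unambiguous for any parser. The tasks in this section begin above the visible hunks.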


@ -13,6 +13,9 @@
name: "{{ item.1.name }}" name: "{{ item.1.name }}"
password: "{{ item.1.password }}" password: "{{ item.1.password }}"
path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}" path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}"
mode: 0644
owner: root
group: root
loop: "{{ nginx_htpasswd | subelements('users') }}" loop: "{{ nginx_htpasswd | subelements('users') }}"
when: item.0.state is not defined or item.0.state == 'present' when: item.0.state is not defined or item.0.state == 'present'
no_log: "{{ not nginx_debug_role }}" no_log: "{{ not nginx_debug_role }}"
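Review bot: `mode: 0644` on the htpasswd file leaves the stored password hashes readable by every local account on the host, which exposes them to offline guessing. The nginx workers have to read this file, so plain root:root with 0640 would break authentication; the usual arrangement is `owner: root`, the group set to the one the nginx workers run under, and `mode: "0640"`. The task starts above the hunk, so any options already set there are not visible from here.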


@ -40,6 +40,9 @@
file: file:
path: "{{ nginx_etc_dir }}/{{ item }}" path: "{{ nginx_etc_dir }}/{{ item }}"
state: directory state: directory
mode: 0755
owner: root
group: root
loop: loop:
- conf.d - conf.d
- sites-available - sites-available


@ -42,3 +42,6 @@
file: file:
path: /etc/ansible/facts.d path: /etc/ansible/facts.d
state: directory state: directory
mode: 0755
owner: root
group: root


@ -22,6 +22,9 @@
file: file:
path: "{{ nginx_root }}" path: "{{ nginx_root }}"
state: directory state: directory
mode: 0755
owner: root
group: root
- name: FILE | Create root public folders (foreach nginx_sites) - name: FILE | Create root public folders (foreach nginx_sites)
file: file:
@ -43,6 +46,9 @@
template: template:
src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2" src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2"
dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
mode: 0644
owner: root
group: root
notify: ['reload nginx', 'restart nginx freebsd'] notify: ['reload nginx', 'restart nginx freebsd']
when: item.state is not defined or item.state != 'absent' when: item.state is not defined or item.state != 'absent'
loop: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"


@ -24,6 +24,9 @@
template: template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2" src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
mode: 0644
owner: root
group: root
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: fake_site register: fake_site


@ -25,6 +25,9 @@
copy: copy:
content: "{{ nginx_dh }}" content: "{{ nginx_dh }}"
dest: "{{ nginx_dh_path }}" dest: "{{ nginx_dh_path }}"
owner: root
group: root
mode: 0640
when: nginx_dh is string when: nginx_dh is string
notify: restart nginx notify: restart nginx
@ -32,6 +35,9 @@
file: file:
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}" path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
state: directory state: directory
owner: root
group: root
mode: 0750
loop: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.dest_key is not defined or item.dest_cert is not defined when: item.dest_key is not defined or item.dest_cert is not defined
no_log: "{{ not nginx_debug_role }}" no_log: "{{ not nginx_debug_role }}"
@ -40,6 +46,8 @@
copy: copy:
content: "{{ item.key }}" content: "{{ item.key }}"
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}" dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
owner: root
group: root
mode: 0640 mode: 0640
loop: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.key is defined when: item.key is defined
@ -50,6 +58,8 @@
copy: copy:
content: "{{ item.cert }}" content: "{{ item.cert }}"
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}" dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
owner: root
group: root
mode: 0644 mode: 0644
loop: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.cert is defined when: item.cert is defined
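Review bot: The private-key task keeps `mode: 0640` while this commit sets `group: root`, so the group-read bit grants nothing that is needed; `mode: "0600"` states the intent (only root reads the key) and stays safe if the group is ever changed to something wider. The directory task in this section shows `no_log: "{{ not nginx_debug_role }}"`, but the tail of the key task lies outside the hunk. It is worth confirming that it carries the same line, since `content: "{{ item.key }}"` would otherwise show up in diff or verbose output.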


@ -4,12 +4,18 @@
template: template:
src: "etc/nginx/conf.d/php.conf.j2" src: "etc/nginx/conf.d/php.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/php.conf" dest: "{{ nginx_etc_dir }}/conf.d/php.conf"
mode: 0644
owner: root
group: root
notify: reload nginx notify: reload nginx
- name: TEMPLATE | Deploy other upstreams - name: TEMPLATE | Deploy other upstreams
template: template:
src: "etc/nginx/conf.d/_upstream.conf.j2" src: "etc/nginx/conf.d/_upstream.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
mode: 0644
owner: root
group: root
loop: "{{ nginx_upstreams }}" loop: "{{ nginx_upstreams }}"
when: item.state is not defined or item.state == 'present' when: item.state is not defined or item.state == 'present'
notify: reload nginx notify: reload nginx


@ -25,6 +25,7 @@
state: present state: present
vars: vars:
packages: packages:
- bash
- curl - curl
- daemonize - daemonize
- fcgiwrap - fcgiwrap


@ -13,16 +13,25 @@
file: file:
path: "{{ int_ansible_ssl_dir }}" path: "{{ int_ansible_ssl_dir }}"
state: directory state: directory
mode: 0750
owner: root
group: root
- name: COPY | Deploy test certificate - name: COPY | Deploy test certificate
copy: copy:
src: "file/test.crt" src: "file/test.crt"
dest: "{{ int_ansible_ssl_dir }}/test.crt" dest: "{{ int_ansible_ssl_dir }}/test.crt"
mode: 0640
owner: root
group: root
- name: COPY | Deploy test key - name: COPY | Deploy test key
copy: copy:
src: "file/test.key" src: "file/test.key"
dest: "{{ int_ansible_ssl_dir }}/test.key" dest: "{{ int_ansible_ssl_dir }}/test.key"
mode: 0640
owner: root
group: root
- name: COPY | Add all hosts in /etc/hosts - name: COPY | Add all hosts in /etc/hosts
copy: copy:
@ -39,6 +48,9 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
dest: "/etc/hosts" dest: "/etc/hosts"
mode: 0644
owner: root
group: root
unsafe_writes: true unsafe_writes: true
vars: vars:
@ -296,6 +308,9 @@
copy: copy:
dest: "{{ nginx_root }}/{{ item }}/public/index.php" dest: "{{ nginx_root }}/{{ item }}/public/index.php"
content: "<?php phpinfo();" content: "<?php phpinfo();"
mode: 0644
owner: root
group: root
loop: loop:
- 'test-php.local' - 'test-php.local'
- 'test-php-index.local' - 'test-php-index.local'
@ -305,6 +320,9 @@
copy: copy:
dest: "{{ item }}/index.html" dest: "{{ item }}/index.html"
content: "Index HTML test OK\n" content: "Index HTML test OK\n"
mode: 0644
owner: root
group: root
loop: loop:
- '{{ nginx_root }}/first-test/public' - '{{ nginx_root }}/first-test/public'
- '/var/tmp' - '/var/tmp'
@ -319,11 +337,17 @@
file: file:
path: "{{ nginx_root }}/test-htpasswd.local/public/hello" path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
state: directory state: directory
mode: 0755
owner: root
group: root
- name: -- Add HTML file hello -- - name: -- Add HTML file hello --
copy: copy:
dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html" dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
content: "hello\n" content: "hello\n"
mode: 0644
owner: root
group: root
# -------------------------------- # --------------------------------
# Test custom facts # Test custom facts
@ -512,16 +536,16 @@
- block: - block:
- name: SHELL | Check HTTP proxy protocol - name: SHELL | Check HTTP proxy protocol
shell: curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol' shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/sh executable: /bin/bash
warn: false warn: false
changed_when: false changed_when: false
- name: SHELL | Check HTTPS proxy protocol - name: SHELL | Check HTTPS proxy protocol
shell: curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol' shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/sh executable: /bin/bash
warn: false warn: false
changed_when: false changed_when: false
@ -531,8 +555,8 @@
# Check HTTP2 # Check HTTP2
# -------------------------------- # --------------------------------
- name: SHELL | Check HTTP2 - name: SHELL | Check HTTP2
shell: nghttp -nv https://localhost 2> /dev/null | grep -q h2 shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
args: args:
executable: /bin/sh executable: /bin/bash
changed_when: false changed_when: false
when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules
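Review bot: Combining `set -o pipefail` with `grep -q` can make these checks fail intermittently, because `grep -q` exits at the first match, the writer may then be killed by SIGPIPE, and pipefail reports that as a failed pipeline. This is most likely in the HTTP2 check, where `nghttp -nv` keeps printing after `h2` has matched; the two curl proxy-protocol checks share the pattern. Replacing `-q` with a redirect, e.g. `| grep -i 'X-Proxy-Protocol' > /dev/null` and `| grep h2 > /dev/null`, keeps the pipefail benefit without the early exit.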