jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-26 15:55:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-03-07 16:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-03-07 16:00:05 +01:00
parent be6bc20783
commit 1065df387c
99 changed files with 761 additions and 303 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/nginx/tasks/install.yml
View File

@@ -1,8 +1,10 @@
---
- include: install_openresty.yml
- include_tasks: install_openresty.yml
when: nginx_openresty
tags: always
- include: install_nginx.yml
- include_tasks: install_nginx.yml
when: not nginx_openresty
tags: always

3
roles/nginx/tasks/iptables.yml
View File

@@ -4,5 +4,4 @@
name: nginx_ports
state: "{{ (nginx_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ (nginx_ports + nginx_ssl_ports) | join(',') }} -s {{ nginx_src_ip | join(',') }} -j ACCEPT\n"
when: iptables_manage | default(True)
tags: [firewall,web]
tags: firewall,web

45
roles/nginx/tasks/main.yml
View File

@@ -1,12 +1,35 @@
---
- include: install.yml
- include: facts.yml
- include: ssl.yml
- include: dir.yml
- include: conf.yml
- include: letsencrypt.yml
- include: selinux.yml
- include: iptables.yml
- include: htpasswd.yml
- include: service.yml
- include: filebeat.yml
- include_tasks: install.yml
tags: always
- include_tasks: facts.yml
tags: always
- include_tasks: ssl.yml
tags: always
- include_tasks: dir.yml
tags: always
- include_tasks: conf.yml
tags: always
- include_tasks: letsencrypt.yml
tags: always
- include_tasks: selinux.yml
when: ansible_selinux.stats == 'enabled'
tags: always
- include_tasks: iptables.yml
when: iptables_manage | default(True)
tags: always
- include_tasks: htpasswd.yml
tags: always
- include_tasks: service.yml
tags: always
- include_tasks: filebeat.yml
tags: always

2
roles/nginx/tasks/selinux.yml
View File

@@ -3,12 +3,10 @@
seboolean: name={{ item }} state=True persistent=True
with_items:
- httpd_can_network_connect
when: ansible_selinux.status == 'enabled'
tags: web
- name: Allow nginx to bind on ports
seport: ports={{ (nginx_ports + nginx_ssl_ports ) | join(',') }} proto=tcp setype=http_port_t state=present
when: ansible_selinux.status == 'enabled'
tags: web
- name: Ensure correct context on cache