main.yml (1930B)
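---
# Webserver role
#
# Installs Nginx and certbot, drops the shared conf.d snippets, validates the
# resulting configuration and makes sure the service is enabled and running.
# If validation fails, every symlink in sites-enabled is removed (see the
# "Clear all sites" block below).

# Package installation only runs on Debian-family hosts; every later task in
# this file is unconditional.
- name: Install Nginx
  ansible.builtin.apt:
    name: nginx
    state: present
    update_cache: true
  when: ansible_os_family == 'Debian'

- name: Install certbot base package
  ansible.builtin.apt:
    name: certbot
    state: present
    update_cache: true
  when: ansible_os_family == 'Debian'

- name: Install certbot nginx plugin
  ansible.builtin.apt:
    name: python3-certbot-nginx
    state: present
    update_cache: true
  when: ansible_os_family == 'Debian'

# Drop the distribution's default site from the enabled set.
- name: Remove default nginx configuration
  ansible.builtin.file:
    path: /etc/nginx/sites-enabled/default
    state: absent

# The three snippets below are installed root-owned and world-readable but not
# writable by anyone else (0644). The relative src paths are presumably
# resolved against the role's files/ directory - confirm against the role
# layout.
- name: Setup extended log format
  ansible.builtin.copy:
    src: etc/nginx/conf.d/log-format-apm.conf
    dest: /etc/nginx/conf.d/log-format-apm.conf
    owner: root
    group: root
    mode: "0644"

- name: Setup global HTTP2/HTTP3 configuration
  ansible.builtin.copy:
    src: etc/nginx/conf.d/http2-http3.conf
    dest: /etc/nginx/conf.d/http2-http3.conf
    owner: root
    group: root
    mode: "0644"

- name: Setup per-server HTTP2/HTTP3 listen options
  ansible.builtin.copy:
    src: etc/nginx/conf.d/listen.conf.inc
    dest: /etc/nginx/conf.d/listen.conf.inc
    owner: root
    group: root
    mode: "0644"

# `nginx -t` only parses the configuration; it changes nothing on the host, so
# the task is marked as never changed. A failing test is not fatal here: the
# outcome is kept in `result` and handled by the next block.
- name: Check nginx config
  ansible.builtin.command: nginx -c /etc/nginx/nginx.conf -t
  register: result
  changed_when: false
  ignore_errors: true

# Destructive recovery path: when the config test fails, every symlink in
# sites-enabled is removed, whichever file actually caused the failure.
# Regular files in that directory are not matched (file_type: link).
# NOTE(review): the configuration is not re-tested after the cleanup, and a
# broken file elsewhere (for example one of the conf.d snippets copied above)
# would not be fixed by it - confirm this is the intended trade-off.
- name: Clear all sites if nginx is misconfigured
  when: result is failed
  block:
    - name: Locate enabled sites
      ansible.builtin.find:
        paths: "/etc/nginx/sites-enabled"
        file_type: "link"
      register: cleanup
      ignore_errors: true

    # default([]) keeps the loop valid when the find above failed (its error
    # is ignored) and left no `files` list behind.
    - name: Delete enabled sites
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ cleanup.files | default([]) }}"
      ignore_errors: true

    # Used purely to surface a message: the failure is ignored, so the play
    # carries on and does not end as failed because of it. Anything that only
    # watches the play's exit status will not notice that sites were removed.
    - name: Fail with message
      ansible.builtin.fail:
        msg: Clearing all enabled sites, as nginx config is broken.
      ignore_errors: true

- name: Ensure Nginx service is enabled and started
  ansible.builtin.service:
    name: nginx
    state: started
    enabled: true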