You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
96 lines
2.9 KiB
96 lines
2.9 KiB
---
|
|
# tasks file for nginx
|
|
- name: Install certbot
|
|
apt:
|
|
name:
|
|
- certbot
|
|
update_cache: true
|
|
state: present
|
|
|
|
- name: Create nginx docker directory if it doesn't exist
|
|
file:
|
|
path: "{{ nginx_dir }}"
|
|
state: directory
|
|
|
|
- name: Create nginx data docker directory if it doesn't exist
|
|
file:
|
|
path: "{{ nginx_data_dir }}"
|
|
state: directory
|
|
|
|
- name: Delete nginx certs directory if it exists
|
|
file:
|
|
path: "{{ nginx_certs_dir }}"
|
|
state: absent
|
|
|
|
- name: Create nginx certs directory
|
|
file:
|
|
path: "{{ nginx_certs_dir }}"
|
|
state: directory
|
|
|
|
- name: copy nginx config file to data directory
|
|
template:
|
|
src: loadbalancer.conf.j2
|
|
dest: "{{ nginx_data_dir }}/loadbalancer.conf"
|
|
|
|
- name: Copy nginx docker compose file
|
|
template:
|
|
src: nginx-docker-compose.yaml.j2
|
|
dest: "{{ nginx_dir }}/docker-compose.yaml"
|
|
|
|
- name: Check if {{ nginx_container_name }} exists
|
|
community.docker.docker_container_info:
|
|
name: "{{ nginx_container_name }}"
|
|
register: nginx_running
|
|
|
|
- name: Ask for confirmation to remove {{ nginx_container_name }}
|
|
pause:
|
|
prompt: "We found a running {{ nginx_container_name }} container. Would you like to remove it? (y/n)"
|
|
echo: yes
|
|
register: confirmation
|
|
when: nginx_running.exists
|
|
delegate_to: localhost
|
|
run_once: true
|
|
|
|
- block:
|
|
- name: Stop and remove {{ nginx_container_name }} if confirmed
|
|
community.docker.docker_container:
|
|
name: "{{ nginx_container_name }}"
|
|
state: absent
|
|
when: nginx_running.exists and confirmation.user_input | lower in ['y', 'yes']
|
|
|
|
- name: Prune docker containers
|
|
shell: sudo docker container prune -f
|
|
when: nginx_running.exists and confirmation.user_input | lower in ['y', 'yes']
|
|
|
|
- name: Remove {{ nginx_container_name }} if it exists
|
|
community.docker.docker_container:
|
|
name: "{{ nginx_container_name }}"
|
|
state: absent
|
|
when: nginx_running.exists and confirmation.user_input | lower in ['y', 'yes']
|
|
|
|
- name: Obtain SSL certificates using Certbot
|
|
shell: yes | certbot -d {{ vaultwarden_domain }} --config-dir {{ nginx_certs_dir }} certonly --standalone -m {{ nginx_certs_email }} --agree-tos
|
|
when: ansible_hostname == 'nginx-srv-1'
|
|
|
|
- name: Synchronization of SSL cert files and directory from server to local
|
|
ansible.posix.synchronize:
|
|
mode: pull
|
|
src: "{{ nginx_certs_dir }}"
|
|
dest: /tmp
|
|
|
|
- name: Synchronization of src on the control machine to {{ nginx_certs_dir }} on the remote hosts
|
|
ansible.posix.synchronize:
|
|
src: /tmp/certs
|
|
dest: "{{ nginx_dir }}"
|
|
|
|
- name: Delete SSL cert files on the local machine
|
|
file:
|
|
path: /tmp/certs
|
|
state: absent
|
|
delegate_to: localhost
|
|
|
|
- name: Start {{ nginx_container_name }} with docker compose
|
|
community.docker.docker_compose:
|
|
project_src: "{{ nginx_dir }}"
|
|
files:
|
|
- docker-compose.yaml
|
|
|