Anton Shestakov <av6@dwimlabs.net>, Mon, 27 Jun 2016 17:38:13 +0800
use a more YAMLy syntax everywhere
roles/nginx/tasks/main.yml
Permissions: -rw-r--r--
- easy-rsa # for munin certificate auth - libwww-perl # for munin plugins - name: Disable default site path: /etc/nginx/sites-enabled/default - name: Add nginx status server src: etc/nginx/sites-available/nginx_status dest: /etc/nginx/sites-available/nginx_status - name: Enable Nginx status server src: /etc/nginx/sites-available/nginx_status dest: /etc/nginx/sites-enabled/nginx_status - name: Create a Diffie-Hellman key exchange parameters file {% if ansible_virtualization_type == "virtualbox" %}-dsaparam{% endif %} -out /etc/nginx/dh-2048.pem creates: /etc/nginx/dh-2048.pem - name: Extract information for HPKP header openssl rsa -in /etc/nginx/easy-rsa/keys/{{ item }} -outform der -pubout | openssl dgst -sha256 -binary - munin.{{ hostname }}.key failed_when: "'unable' in hpkpinfo.stderr" - name: Add munin.{{ hostname }} src: etc/nginx/sites-available/munin dest: /etc/nginx/sites-available/munin.{{ hostname }} - name: Enable munin.{{ hostname }} src: /etc/nginx/sites-available/munin.{{ hostname }} dest: /etc/nginx/sites-enabled/99munin.{{ hostname }} - name: Enable extra Munin plugins src: /usr/share/munin/plugins/{{ item }} dest: /etc/munin/plugins/{{ item }} - name: Copy custom Nginx-related Munin plugins src: etc/munin/plugins/{{ item }} dest: /etc/munin/plugins/{{ item }} - nginx_requests_by_vhost - name: Configure custom Munin plugins src: etc/munin/plugin-conf.d/{{ item }} dest: /etc/munin/plugin-conf.d/{{ item }} - nginx_requests_by_vhost - name: Monitor Nginx with Monit src: /etc/monit/monitrc.d/nginx dest: /etc/monit/conf.d/nginx - name: Allow HTTP and HTTPS