initial ansible code

roles/webserver/tasks/nginx.yml

@@ -0,0 +1,55 @@
+---
+
+- name: Copy Nginx configs
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0644
+  loop:
+    - {src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf"}
+    - {src: "cert.conf.j2", dest: "/etc/nginx/global/cert.conf"}
+    - {src: "header.conf.j2", dest: "/etc/nginx/global/header.conf"}
+    - {src: "proxy.conf.j2", dest: "/etc/nginx/global/proxy.conf"}
+    - {src: "php_optimization.j2", dest: "/etc/nginx/global/php_optimization"}
+  notify: reload nginx
+
+- name: Copy virtual server configs
+  template:
+    src: "{{ item }}"
+    dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2$', '') }}
+    mode: 0644
+  with_fileglob: "../templates/conf.d/*.j2"
+  notify: reload nginx
+
+## Certificates
+
+- name: Create Certificate directory
+  file:
+    path: "{{ webserver_nginx_cert_path }}"
+    state: directory
+    mode: 0755
+
+- name: Copy SSL certificates for {{ webserver_domain }}
+  copy:
+    remote_src: true
+    # make sure that ssl certs are available
+    src: "{{ lego_config_dir }}/certificates/{{ webserver_domain }}.{{ item }}"
+    dest: "{{ webserver_nginx_cert_path }}/{{ webserver_domain }}.{{ item }}"
+    owner: root
+    group: root
+    mode: 0600
+  loop: [crt, key, issuer.crt]
+  notify: reload nginx
+
+- name: Create nginx.service.d directory
+  file:
+    path: /etc/systemd/system/nginx.service.d
+    mode: 0755
+    state: directory
+
+- name: Increase max open files
+  template:
+    src: nginx_systemd.conf.j2
+    dest: /etc/systemd/system/nginx.service.d/nginx.conf
+    mode: 0644
+  notify: restart nginx