noticket - reorganized podman

2024-02-01 15:35:11 -05:00
parent 27942f9178
commit 184cd2574d
25 changed files with 102 additions and 98 deletions
--- a/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml
+++ b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml
@@ -0,0 +1,68 @@
+---
+- name: create nginx ssl directory
+  become: true
+  ansible.builtin.file:
+    path: "{{ nginx_path }}/etc/ssl"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0644
+    state: directory
+  tags: https
+
+- name: stat dhparam
+  become: true
+  ansible.builtin.stat:
+    path: "{{ nginx_path }}/etc/ssl/dhparam.pem"
+  register: dhparam
+  tags: https
+
+- name: generate openssl dhparam for nginx
+  become: true
+  ansible.builtin.command: |
+    openssl dhparam -out {{ nginx_path }}/ssl/dhparam.pem 2048
+  when: not dhparam.stat.exists
+  args:
+    creates: "{{ nginx_path }}/ssl/dhparam.pem"
+  tags: https
+
+- name: template nginx https sites-available
+  become: true
+  ansible.builtin.template:
+    src: "templates/nginx/sites/{{ item }}.j2"
+    dest: "{{ nginx_path }}/etc/sites-available/{{ item }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0644
+  loop:
+    - "{{ bookstack_server_name }}.https.conf"
+    - "{{ ci_server_name }}.https.conf"
+    - "{{ cloud_server_name }}.https.conf"
+    - "{{ cloud_skudak_server_name }}.https.conf"
+    - "{{ fulfillr_server_name }}.https.conf"
+    - "{{ parts_server_name }}.https.conf"
+    - "{{ photos_server_name }}.https.conf"
+  notify:
+    - restorecon podman
+    - restart nginx
+  tags: https
+
+- name: enable desired nginx https sites
+  become: true
+  ansible.builtin.file:
+    src: "../sites-available/{{ item }}"
+    dest: "{{ nginx_path }}/etc/sites-enabled/{{ item }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    state: link
+  loop:
+    - "{{ bookstack_server_name }}.https.conf"
+    - "{{ ci_server_name }}.https.conf"
+    - "{{ cloud_server_name }}.https.conf"
+    - "{{ cloud_skudak_server_name }}.https.conf"
+    - "{{ fulfillr_server_name }}.https.conf"
+    - "{{ parts_server_name }}.https.conf"
+    - "{{ photos_server_name }}.https.conf"
+  notify:
+    - restorecon podman
+    - restart nginx
+  tags: https