From 8a75c065b4a432511c052e87b81f2b6939e39332 Mon Sep 17 00:00:00 2001
From: Thedro Neely
Date: Fri, 17 Jan 2020 22:34:09 -0500
Subject: roles/nginx/main: Add nginx play
---
roles/nginx/main.yml | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 112 insertions(+)
create mode 100644 roles/nginx/main.yml
(limited to 'roles/nginx')
diff --git a/roles/nginx/main.yml b/roles/nginx/main.yml
new file mode 100644
index 0000000..2c9f3cc
--- /dev/null
+++ b/roles/nginx/main.yml
@@ -0,0 +1,112 @@
+---
+# Target: alpine3.11
+- name: Install Nginx and Certbot
+ hosts: nginx
+
+ vars:
+ user: nginx
+ home: "/etc/{{ user }}"
+ nginx_key: https://nginx.org/keys/nginx_signing.key
+ nginx_version: 1.16.1
+ nginx_headers_version: 552e216a0da95c685d9db4f43e209c3f2a803e49
+ brotli_version: e505dce68acc190cc5a1e780a3b0275e39f160ca
+ quiche_version: 3c75701c6fa5b29a9076d9f82251f5aeee2c7f79
+
+ tasks:
+
+ - name: Ensuring group exists
+ group:
+ name: "{{ user }}"
+ state: present
+
+ - name: Creating user and making home directory
+ user:
+ system: yes
+ state: present
+ name: "{{ user }}"
+ groups: "{{ user }}"
+ home: "{{ home }}"
+
+ - name: Installing the required nginx dependencies
+ apk:
+ state: present
+ update_cache: yes
+ name:
+ - gcc
+ - libc-dev
+ - make
+ - openssl-dev
+ - pcre-dev
+ - zlib-dev
+ - linux-headers
+ - curl
+ - gnupg
+ - libxslt-dev
+ - gd-dev
+ - geoip-dev
+ - perl-dev
+
+ - name: Installing the required brotli dependencies
+ apk:
+ state: present
+ update_cache: yes
+ name:
+ - autoconf
+ - libtool
+ - automake
+ - git
+ - g++
+ - cmake
+ - go
+ - perl
+ - rust
+ - cargo
+
+ - name: Cloning repositories
+ git:
+ repo: "{{ item.repo }}"
+ dest: "{{ item.dest }}"
+ version: "{{ item.version }}"
+ with_items:
+ -
+ repo: https://github.com/google/ngx_brotli.git
+ dest: /opt/nginx/brotli
+ version: "{{ brotli_version }}"
+ -
+ repo: https://github.com/openresty/headers-more-nginx-module.git
+ dest: /opt/nginx/nginx-headers
+ version: "{{ nginx_headers_version }}"
+ -
+ repo: https://github.com/cloudflare/quiche
+ dest: /opt/nginx/quiche
+ version: "{{ quiche_version }}"
+
+ - name: Downloading nginx
+ get_url:
+ url: "{{ item.url }}"
+ dest: "{{ item.dest }}"
+ with_items:
+ -
+ url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
+ dest: /opt/nginx
+ -
+ url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz.asc
+ dest: /opt/nginx
+
+ - name: Importing keys
+ shell: |
+ curl -sSL "{{ nginx_key }}" | gpg
--import -
+ touch .nginx-key-imported
+ args:
+ chdir: /opt/nginx
+ creates: .nginx-key-imported
+
+ - name: Verifying application
+ shell: |
+ gpg --batch --verify nginx-"{{ nginx_version }}"-tar.gz nginx-"{{ nginx_version }}".tar.gz.asc
+ touch .nginx-"{{ nginx_version }}"-verified
+ args:
+ chdir: /opt/nginx
+ creates: .nginx-"{{ nginx_version }}"-verified
+
+
-- cgit v1.2.3
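Review bot: The `Verifying application` task cannot fail, so the play marks the tarball as verified whatever gpg reports: the data file is spelled `nginx-"{{ nginx_version }}"-tar.gz` (hyphen where the download has a dot), gpg expects the detached signature before the signed file, and with no `set -e` the task's exit status is that of the trailing `touch`. I would change the script to `gpg --batch --verify "nginx-{{ nginx_version }}.tar.gz.asc" "nginx-{{ nginx_version }}.tar.gz" && touch ".nginx-{{ nginx_version }}-verified"`, and drop the inner quotes from `creates:`, where they are probably taken literally and so never match the marker file. `Importing keys` has the same shape, a pipeline followed by an unconditional `touch`, so a failed download still leaves `.nginx-key-imported` behind. The key is also fetched from the same host as the tarball and its signature, so comparing the imported key with a fingerprint pinned in `vars` is what would make the check worth more than the TLS connection.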