-
Notifications
You must be signed in to change notification settings - Fork 1
/
playbook.yml
126 lines (123 loc) · 3.71 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# LEMP PLAYBOOK
---
- name: "Install prerequisites"
hosts: www
user: "{{ sudo_user }}"
become: true
gather_facts: false
vars_files:
- group_vars/main.yml
- vars/main.yml
tasks:
- name: "Add repository for PHP 8.1"
apt_repository: "repo='ppa:ondrej/php'"
- name: "Build and install BROTLI for NGINX"
hosts: www
become: true
vars_files:
- group_vars/main.yml
- vars/main.yml
tasks:
- name: "Gather the apt package facts"
package_facts:
manager: auto
- name: "Get Nginx version and set variable"
set_fact:
nginx_version: "{{ ansible_facts.packages['nginx'][0].version | regex_search('^[0-9.]*') }}"
- name: "Install needed packages"
apt:
pkg: "{{ item }}"
state: latest
with_items:
- git
- gcc
- cmake
- libpcre3
- libpcre3-dev
- zlib1g
- zlib1g-dev
- openssl
- libssl-dev
- name: "Download and unarchive Nginx source code of version {{ nginx_version }}"
unarchive:
src: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
dest: ~/
remote_src: yes
- name: "Git clone Brotli module (google/ngx_brotli)"
git:
repo: https://github.com/google/ngx_brotli.git
dest: ~/ngx_brotli
- name: "Configure Brotli module"
command:
chdir: ~/nginx-{{ nginx_version }}
cmd: ./configure --with-compat --add-dynamic-module=../ngx_brotli
- name: "Make Brotli module (Dynamically loaded)"
make:
chdir: ~/nginx-{{ nginx_version }}
target: modules
- name: "Copy compiled Brotli module to /usr/share/nginx/modules"
copy:
remote_src: yes
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ sudo_user }}"
group: "{{ sudo_user }}"
mode: 0644
with_items:
- { src: "~/nginx-{{ nginx_version }}/objs/ngx_http_brotli_filter_module.so", dest: "/usr/share/nginx/modules" }
- { src: "~/nginx-{{ nginx_version }}/objs/ngx_http_brotli_static_module.so", dest: "/usr/share/nginx/modules" }
- name: "Add Brotli module to the start of Nginx config"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: "{{ item.line }}"
with_items:
- { line: 'load_module "modules/ngx_http_brotli_filter_module.so";' }
- { line: 'load_module "modules/ngx_http_brotli_static_module.so";' }
- name: "Delete unnecessary directories"
file:
state: absent
path: "{{ item.path }}"
with_items:
- { path: "~/ngx_brotli" }
- { path: "~/nginx-{{ nginx_version }}" }
- name: "Add the user {{ web_user }}"
hosts: www
user: "{{ sudo_user }}"
become: true
gather_facts: false
vars_files:
- group_vars/main.yml
- vars/main.yml
tasks:
- name: "Add the user"
ansible.builtin.user:
name: "{{ web_user }}"
comment: "Web user"
group: "{{ web_user_group }}"
- name: "Set up authorized keys for the web user"
authorized_key:
user: "{{ web_user }}"
key: '{{ lookup("file", "{{ web_user_public_key_file }}") }}'
- name: "LEMP Provisioning"
hosts: www
user: "{{ sudo_user }}"
become: true
vars_files:
- group_vars/main.yml
- vars/main.yml
roles:
- { role: geerlingguy.nginx }
- { role: geerlingguy.certbot }
- { role: geerlingguy.php }
# - { role: geerlingguy.mysql }
# - { role: geerlingguy.php-mysql }
# - { role: geerlingguy.memcached }
# - { role: geerlingguy.git }
# - { role: geerlingguy.composer }
# - { role: geerlingguy.nodejs }
tasks:
- name: "Restart NGINX"
ansible.builtin.service:
name: nginx
state: restarted