Use include role to avoid leaky variables.
https://github.com/ansible/ansible/issues/65851
parent
fdd96f495f
commit
92c1af4bb9
|
@ -1,8 +1,11 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
roles:
|
||||
- role: nftables
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup nftables
|
||||
include_role: name=nftables
|
||||
vars:
|
||||
nftables_conf: |
|
||||
#!/usr/sbin/nft -f
|
||||
|
@ -19,44 +22,68 @@
|
|||
}
|
||||
}
|
||||
|
||||
- role: julienpalard.nginx_letsencrypt
|
||||
- name: Setup mdk.fr
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
certificates:
|
||||
- [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, palard.fr, sizeof.fr, www.mandark.fr, www.palard.fr, www.sizeof.fr]
|
||||
- [irc.mdk.fr]
|
||||
- [codeenseine.fr, www.codeenseine.fr]
|
||||
- [le-poitevin.fr, www.le-poitevin.fr]
|
||||
- [tuw.fr]
|
||||
- [wyz.fr, www.wyz.fr]
|
||||
letsencrypt_email: julien@palard.fr
|
||||
|
||||
- role: static_website
|
||||
vars:
|
||||
uri: mdk.fr
|
||||
domain: mdk.fr
|
||||
extra_certificates: [www.mdk.fr]
|
||||
owner: mdk_fr
|
||||
path: /var/www/mdk.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'
|
||||
|
||||
- role: static_website
|
||||
- name: Setup palard.fr
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
uri: le-poitevin.fr
|
||||
domain: palard.fr
|
||||
extra_certificates: [julien.palard.fr, www.palard.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup mandark.fr
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
domain: mandark.fr
|
||||
extra_certificates: [www.mandark.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup le-poitevin.fr
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
domain: le-poitevin.fr
|
||||
extra_certificates: [www.le-poitevin.fr]
|
||||
owner: le_poitevin_fr
|
||||
path: /var/www/le-poitevin.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'
|
||||
|
||||
- role: static_website
|
||||
- name: Setup codeenseine.fr
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
uri: codeenseine.fr
|
||||
domain: codeenseine.fr
|
||||
extra_certificates: [www.codeenseine.fr]
|
||||
owner: codeenseine_fr
|
||||
path: /var/www/codeenseine.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'
|
||||
|
||||
- role: weechat
|
||||
- name: Setup kisspush.net
|
||||
include_role: name=static_website
|
||||
vars:
|
||||
domain: kisspush.net
|
||||
extra_certificates: [www.kisspush.net]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup letsencrypt
|
||||
include_role: name=julienpalard.nginx_letsencrypt
|
||||
vars:
|
||||
certificates:
|
||||
- [irc.mdk.fr]
|
||||
- [tuw.fr]
|
||||
- [wyz.fr, www.wyz.fr]
|
||||
|
||||
- name: Setup weechat
|
||||
include_role: name=weechat
|
||||
vars:
|
||||
version: 2.7
|
||||
owner: weechat
|
||||
|
||||
tasks:
|
||||
- name: Setup Glowing Bear
|
||||
unarchive:
|
||||
src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
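Review bot: The Glowing Bear archive in the `unarchive` task at the end of this hunk is fetched from a GitHub tag URL and unpacked with no integrity check, and a tag archive is not guaranteed to stay byte-identical over time. `unarchive` has no checksum option, so the download would have to go through `get_url` with a pinned `checksum:` first, with `unarchive` then reading the local file using `remote_src: yes`. The same applies to the weechat source tarball in the weechat role hunk (`src: "https://github.com/weechat/weechat/archive/v{{ version }}.tar.gz"`), which appears to be compiled after unpacking. The Setup Glowing Bear task continues past the end of this hunk, so any later verification step is not visible here.

```yaml
- name: Download Glowing Bear
  get_url:
    url: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
    dest: /usr/local/src/glowing-bear-0.7.2.tar.gz  # placeholder path, pick the real one
    checksum: "sha256:<expected-digest>"  # placeholder, pin the digest of the reviewed archive
# … unchanged: Setup Glowing Bear unarchive task, with src pointing at the downloaded file and remote_src: yes …
```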
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
|
||||
nginx_extra: ""
|
||||
extra_certificates: []
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
user:
|
||||
system: yes
|
||||
name: "{{ owner }}"
|
||||
when: owner is defined
|
||||
|
||||
- name: .ssh directory
|
||||
file:
|
||||
|
@ -11,6 +12,7 @@
|
|||
state: directory
|
||||
owner: "{{ owner }}"
|
||||
mode: 0755
|
||||
when: owner is defined
|
||||
|
||||
- name: Deploy key
|
||||
blockinfile:
|
||||
|
@ -18,13 +20,14 @@
|
|||
owner: "{{ owner }}"
|
||||
mode: 0644
|
||||
path: "~{{ owner }}/.ssh/authorized_keys"
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ uri }} -->"
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ domain }} -->"
|
||||
block: "{{ public_deploy_key }}"
|
||||
when: owner is defined and public_deploy_key is defined
|
||||
|
||||
- name: Configure nginx
|
||||
template:
|
||||
src: nginx.conf
|
||||
dest: "/etc/nginx/conf.d/{{ uri }}.conf"
|
||||
dest: "/etc/nginx/conf.d/{{ domain }}.conf"
|
||||
notify: reload nginx
|
||||
|
||||
- name: WWW directory
|
||||
|
@ -34,3 +37,4 @@
|
|||
owner: "{{ owner }}"
|
||||
group: "{{ owner }}"
|
||||
mode: 0755
|
||||
when: owner is defined and path is defined
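Review bot: The `marker:` in the Deploy key task wraps the managed block in `<!-- … -->`, which is not a comment in `authorized_keys`. sshd only skips empty lines and lines starting with `#`, so both marker lines are parsed as malformed key entries whenever the file is read. A `#`-prefixed marker such as `marker: "# {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ domain }}"` keeps the file well-formed. Because blockinfile locates its block by the marker text, any change to it (including this commit's switch from `uri` to `domain` wherever the two values differed) leaves the old block and its key in place, so the previous markers need a one-off cleanup.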
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
server
|
||||
{
|
||||
listen 80;
|
||||
server_name .{{ uri }};
|
||||
server_name .{{ domain }};
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
server_name .{{ uri }};
|
||||
root /var/www/{{ uri }}/;
|
||||
include snippets/letsencrypt-{{ uri }}.conf;
|
||||
server_name .{{ domain }};
|
||||
root /var/www/{{ domain }}/;
|
||||
include snippets/letsencrypt-{{ domain }}.conf;
|
||||
index index.html;
|
||||
{{ nginx_extra }}
|
||||
}
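Review bot: `root /var/www/{{ domain }}/;` is hard-coded, while the role takes a separate `path` variable that gates the WWW directory task (`when: owner is defined and path is defined`), so the directory nginx serves and the directory the role prepares can diverge. The playbook currently passes `path` as `/var/www/<domain>/` for every site that sets it, which hides the mismatch. Deriving the root from the same variable, `root {{ path | default('/var/www/' ~ domain ~ '/') }};`, keeps the two in step. The body of the WWW directory task is outside the visible hunks, so confirm it uses `path` as its target.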
|
|
@ -19,6 +19,7 @@
|
|||
src: "https://github.com/weechat/weechat/archive/v{{ version }}.tar.gz"
|
||||
remote_src: yes
|
||||
dest: "/usr/local/src/weechat/"
|
||||
creates: "/usr/local/src/weechat/weechat-{{ version }}/"
|
||||
register: new_weechat
|
||||
|
||||
- name: Compiling dependencies
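Review bot: `version` is rendered as text into both `src` and the `creates` path in this task, but the playbook passes it unquoted (`version: 2.7`), so YAML delivers a float. A release such as 2.10 would render as `2.1`, pointing the URL at a different tag and never matching the `creates` directory. Quoting at the call site, `version: "2.7"`, avoids that; a `{{ version | string }}` filter here would not, because the trailing digit is already lost at parse time. The unarchive task starts above this hunk.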
|
||||
|
|