ansible-proxmox-https/main.yml at main · patbec/ansible-proxmox-https · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
- name: Proxmox
  hosts: proxmox
  gather_facts: true
  become: true
  tasks:
    - name: Ensure certificate is present
      block:
        - name: Get stats from pveproxy-ssl.pem
          ansible.builtin.stat:
            path: /etc/pve/local/pveproxy-ssl.pem
          register: cert_pem

        - name: Get stats from pveproxy-ssl.key
          ansible.builtin.stat:
            path: /etc/pve/local/pveproxy-ssl.key
          register: cert_key

        - name: Ensure that ACME has been set up
          ansible.builtin.assert:
            that:
              - cert_pem.stat.exists == true
              - cert_key.stat.exists == true
            fail_msg: "Certificate was not found, make sure ACME has been set up."

    # - name: Configure repositories
    #   block:
    #     - name: Remove Proxmox enterprise repository
    #       ansible.builtin.apt_repository:
    #         repo: deb https://enterprise.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-enterprise
    #         filename: pve-enterprise
    #         state: absent
    #         update_cache: true

    #     - name: Add Proxmox no-subscription repository
    #       ansible.builtin.apt_repository:
    #         repo: deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription
    #         filename: pve-no-subscription
    #         state: present
    #         update_cache: true

    - name: Install nginx
      ansible.builtin.apt:
        name:
          - nginx-light
        policy_rc_d: 101  # Prevent autostart

    - name: Configure nginx application
      notify:
        - Stop nginx
      block:
        - name: Template nginx configuration
          ansible.builtin.template:
            src: etc/nginx/nginx.conf.j2
            dest: /etc/nginx/nginx.conf
            owner: root
            group: root
            mode: "0644"
            validate: nginx -t -c "%s"

        - name: Template proxmox site
          ansible.builtin.template:
            src: etc/nginx/sites-available/proxmox.conf.j2
            dest: /etc/nginx/sites-available/proxmox.conf
            owner: root
            group: root
            mode: "0644"

        - name: Enable proxmox site
          ansible.builtin.file:
            src: /etc/nginx/sites-available/proxmox.conf
            dest: /etc/nginx/sites-enabled/proxmox.conf
            owner: root
            group: root
            state: link

    - name: Configure nginx service
      notify:
        - Stop nginx
      block:
        - name: Ensure nginx override folder exists
          ansible.builtin.file:
            path: /etc/systemd/system/nginx.service.d
            state: directory
            mode: "0755"

        - name: Template nginx override configuration
          ansible.builtin.template:
            src: etc/systemd/system/nginx.service.d/override.conf.j2
            dest: /etc/systemd/system/nginx.service.d/override.conf
            owner: root
            group: root
            mode: "0644"

    - name: Stop nginx if configuration has changed
      ansible.builtin.meta: flush_handlers

    - name: Ensure nginx is started
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: true

  handlers:
    - name: Stop nginx
      ansible.builtin.service:
        name: nginx
        state: stopped
        daemon_reload: true