chore: improve nginx role so config can be shared and avoid unneeded duplication between roles / VMs

2025-10-14 00:19:53 +02:00 · 2025-10-14 00:19:53 +02:00 · 5d126b1ce1
commit 5d126b1ce1
parent 5b9295d3a5
4 changed files with 81 additions and 6 deletions
--- a/roles/nginx/tasks/main.yaml
+++ b/roles/nginx/tasks/main.yaml
@ -2,7 +2,19 @@
  ansible.builtin.file:
    path: /srv/nginx
    state: directory
-    mode: '0644'
+    mode: '0755'
+
+- name: Create certs dir if it doesn't exist
+  ansible.builtin.file:
+    path: /srv/certs
+    state: directory
+    mode: '0755'
+
+- name: Create conf.d dir if it doesn't exist
+  ansible.builtin.file:
+    path: /srv/nginx/conf.d
+    state: directory
+    mode: '0755'

 - name: Copy over nginx.container file
  ansible.builtin.copy:
@ -12,10 +24,26 @@
    group: root
    mode: '0644'

+- name: Copy over nginx.conf file
+  ansible.builtin.copy:
+    src: ./files/nginx.conf
+    dest: /srv/nginx/nginx.conf
+    owner: root
+    group: root
+    mode: '0644'
+
 - name: Copy over tls.conf file
  ansible.builtin.copy:
    src: ./files/tls.conf
-    dest: /srv/nginx/tls.conf
+    dest: /srv/nginx/conf.d/tls.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Copy over frontend network
+  ansible.builtin.copy:
+    src: ./files/frontend.network
+    dest: /etc/containers/systemd/frontend.network
    owner: root
    group: root
    mode: '0644'
@ -27,6 +55,5 @@
 - name: Start nginx container
  ansible.builtin.systemd_service:
    name: nginx.service
-    state: started
-    enabled: true
+    state: restarted