ISTI-ansible-roles
/
ansible-role-nginx
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Manage some logrotate options.

This commit is contained in:
Andrea Dell'Amico 2020-06-09 14:44:21 +02:00
parent 3421e2d944
commit 494ed77f8b
4 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
defaults/main.yml
View File

@ -79,14 +79,13 @@ nginx_pam_svc_name: nginx
nginx_ldap_uri: "ldap://ldap.example.org" nginx_ldap_uri: "ldap://ldap.example.org"
nginx_ldap_base_dn: "dc=example,dc=org" nginx_ldap_base_dn: "dc=example,dc=org"
nginx_basic_auth: False nginx_basic_auth: False
nginx_basic_auth_users: nginx_basic_auth_users: []
- { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' } # - { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' }
# nginx_ldap_login_attribute: uid # nginx_ldap_login_attribute: uid
# nginx_ldap_pam_groupdn: # nginx_ldap_pam_groupdn:
nginx_webroot: /usr/share/nginx/html nginx_webroot: /usr/share/nginx/html
nginx_letsencrypt_managed: True nginx_letsencrypt_managed: True
nginx_websockets_support: False nginx_websockets_support: False
nginx_use_common_virthost: False
# Set it to 'ssl http2' if the nginx version supports it # Set it to 'ssl http2' if the nginx version supports it
nginx_ssl_type: ssl nginx_ssl_type: ssl
# When we do not use letsencrypt: # When we do not use letsencrypt:
@ -94,6 +93,11 @@ nginx_ssl_type: ssl
# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key' # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
nginx_block_dotfiles: True nginx_block_dotfiles: True
# k,M,G
nginx_logrotate_maxfilesize: "1G"
nginx_logrotate_retention: "52"
nginx_use_common_virthost: False
# Virtualhost example # Virtualhost example
# nginx_virthosts: # nginx_virthosts:
# - virthost_name: '{{ ansible_fqdn }}' # - virthost_name: '{{ ansible_fqdn }}'

1
tasks/main.yml
View File

@ -6,6 +6,7 @@
- import_tasks: nginx-config.yml - import_tasks: nginx-config.yml
- import_tasks: nginx-virtualhosts.yml - import_tasks: nginx-virtualhosts.yml
when: nginx_use_common_virthost | bool when: nginx_use_common_virthost | bool
- import_tasks: nginx-logrotate.yml
- import_tasks: nginx-letsencrypt.yml - import_tasks: nginx-letsencrypt.yml
when: letsencrypt_acme_install is defined and letsencrypt_acme_install when: letsencrypt_acme_install is defined and letsencrypt_acme_install
- import_tasks: basic-auth.yml - import_tasks: basic-auth.yml

4
tasks/nginx-config.yml
View File

@ -31,7 +31,7 @@
with_items: '{{ nginx_old_snippets }}' with_items: '{{ nginx_old_snippets }}'
notify: Reload nginx notify: Reload nginx
when: nginx_enabled | bool when: nginx_enabled
tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ] tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]
- block: - block:
@ -40,6 +40,6 @@
notify: Reload nginx notify: Reload nginx
when: when:
- nginx_enabled | bool - nginx_enabled
- ansible_distribution_file_variety == "Debian" - ansible_distribution_file_variety == "Debian"
tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ] tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]

25
tasks/nginx-logrotate.yml Normal file
View File

@ -0,0 +1,25 @@
---
- block:
- name: Manage the log rotate size
lineinfile:
path: /etc/logrotate.d/nginx
insertbefore: "notifempty"
unsafe_writes: no
create: no
state: present
firstmatch: yes
regexp: "maxsize.*$"
line: " maxsize {{ nginx_logrotate_maxfilesize }}"
- name: Manage the log rotate size
lineinfile:
path: /etc/logrotate.d/nginx
insertbefore: "notifempty"
unsafe_writes: no
create: no
state: present
firstmatch: yes
regexp: "rotate.*$"
line: " rotate {{ nginx_logrotate_retention }}"
tags: [ 'nginx', 'nginx_conf', 'nginx_logrotate' ]