Diffstat (limited to 'playbooks/http.yaml')
-rw-r--r--playbooks/http.yaml81
1 files changed, 81 insertions, 0 deletions
diff --git a/playbooks/http.yaml b/playbooks/http.yaml
new file mode 100644
index 0000000..3c43e2f
--- /dev/null
+++ b/playbooks/http.yaml
@@ -0,0 +1,81 @@
+- name: Web server
+ hosts: hollyhock
+ become: true
+ tasks:
+ - name: Install nginx
+ ansible.builtin.apt:
+ name: nginx
+ state: present
+ update_cache: true
+
+ - name: Start and enable nginx
+ ansible.builtin.systemd:
+ name: nginx
+ state: started
+ enabled: true
+
+ - name: Configure nginx
+ ansible.builtin.copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ mode: "0644"
+ backup: true
+ notify: Test and restart nginx
+
+ - name: Create log directories
+ ansible.builtin.file:
+ path: "/var/log/nginx/{{ item.name }}"
+ state: directory
+ owner: "{{ nginx_user }}"
+ group: "{{ nginx_log_group }}"
+ mode: "0755"
+ loop: "{{ sites }}"
+
+ - name: Copy initial http-only sites
+ ansible.builtin.template:
+ src: nginx/http.conf.j2
+ dest: "/etc/nginx/sites-available/{{ item.name }}-http"
+ mode: "0644"
+ loop: "{{ sites }}"
+ notify: Test and restart nginx
+
+ - name: Check if initial https sites have been enabled
+ ansible.builtin.stat:
+ path: "/etc/nginx/sites-enabled/{{ item.name }}-https"
+ register: https_sites
+ loop: "{{ sites }}"
+
+ - name: Check if final sites have been enabled
+ ansible.builtin.stat:
+ path: "/etc/nginx/sites-enabled/{{ item.name }}"
+ register: final_sites
+ loop: "{{ sites }}"
+
+ - name: Enable initial http-only sites
+ ansible.builtin.file:
+ src: "/etc/nginx/sites-available/{{ item.name }}-http"
+ dest: "/etc/nginx/sites-enabled/{{ item.name }}-http"
+ state: link
+ loop: "{{ sites }}"
+ loop_control:
+ index_var: index
+ when:
+ - not https_sites.results[index].stat.exists
+ - not final_sites.results[index].stat.exists
+ notify: Test and restart nginx
+
+ - name: Disable default nginx site
+ ansible.builtin.file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ notify: Test and restart nginx
+
+ - name: Allow http traffic through firewall
+ community.general.ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+
+ handlers:
+ - name: Test and restart nginx
+ ansible.builtin.include_tasks: tasks/test_and_restart_nginx.yaml
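Review bot: The "Create log directories" task gives each `/var/log/nginx/{{ item.name }}` directory to `{{ nginx_user }}` with mode `"0755"`. That variable is defined outside this file, but if it is the account the nginx workers run as, a compromised worker could replace log files with symlinks that a root-run process (log rotation, or the master reopening its logs) would then follow. Consider `owner: root`, leaving `group: "{{ nginx_log_group }}"` for read access, and `mode: "0750"` so access logs are not world-readable. Separately, the "Configure nginx" and "Copy initial http-only sites" tasks pin `mode` but not ownership; adding `owner: root` and `group: root` would make the result independent of whatever file already exists on the host.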