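---
# Host variables for the MirrorManager web host: firewall openings, TLS
# certificate paths and issuance, database connection, service account,
# and the nginx reverse-proxy configuration.

firewall_rules:
  - port: 443/tcp
    permanent: true
    state: enabled
  # NOTE(review): 9100/tcp is conventionally the Prometheus node_exporter
  # port - confirm. If so, check that exposure is limited to the monitoring
  # hosts rather than open to every source.
  - port: 9100/tcp
    permanent: true
    state: enabled

# The certificate and key are named after the host's FQDN.
tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"

ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"
    # The private key is owned by the nginx account, which terminates TLS
    # in the nginx configuration further down in this file.
    owner: nginx
    key_location: "{{ tls_key }}"
    cert_location: "{{ tls_cert }}"
    # Reload the service that actually serves this certificate (nginx).
    # Reloading httpd would leave nginx serving the old certificate until
    # it is restarted by hand.
    # presumably postcmd runs after the certificate is saved - confirm
    postcmd: "systemctl reload nginx"

mirrormanager_dbtype: postgres
mirrormanager_db:
  host: "db.rockylinux.org"
  port: 5432
  user: mirrormanager
  # Supplied from a separate variable so the secret is not stored in this
  # file; keep that variable in an encrypted vault.
  password: "{{ _mirrormanager_db_rw_pass }}"
  dbname: mirrormanager_db
  # The database is on another host, so keep TLS enabled on the connection.
  ssl: true

# Dedicated service account with fixed uid/gid.
mirrormanager_user:
  name: mirrormanager
  comment: "Mirrormanager user"
  group: mirrormanager
  gid: 10005
  uid: 10004

mirrormanager_dir: /opt/mirrormanager

####################
### NGINX CONFIG ###
####################

# no demo config/template
nginx_config_html_demo_template_enable: false

nginx_config_selinux: true
nginx_config_selinux_enforcing: true

nginx_config_start: true

# NOTE(review): debug output and debug tasks are both enabled. Confirm this
# is intended outside troubleshooting; verbose task output usually ends up
# in Ansible run logs.
nginx_config_debug_output: true
nginx_config_debug_tasks: true

# nginx_config_cleanup: true

nginx_config_http_template_enable: true
nginx_config_main_template_enable: true

nginx_config_http_template:
  default:
    template_file: http/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/
    servers:
      # Plain-HTTP listener on port 80; https_redirect below sets the
      # redirect target.
      redirect_https:
        listen:
          v6:
            ip: '[::]'  # Wrap in square brackets for IPv6 addresses
            port: 80
            opts: ['default_server']
          v4:
            ip: ''  # empty: no specific IPv4 address is pinned
            port: 80
            opts: ['default_server']
        server_name: "{{ ansible_fqdn }}"
        error_page: /usr/share/nginx/html
        access_log:
          - name: main
            location: /var/log/nginx/access.log
        error_log:
          location: /var/log/nginx/error.log
          level: warn
        root: "{{ mirrormanager_dir }}"
        # NOTE(review): $host follows the client-supplied Host header, and
        # this server is the default_server on port 80. If the redirect
        # target should be fixed, the host's FQDN is the stricter choice.
        # Confirm how the template uses this value.
        https_redirect: $host
      # TLS listener on port 443 that proxies to the local application.
      mirrormanager:
        listen:
          v6:
            ip: '[::]'  # Wrap in square brackets for IPv6 addresses
            port: 443
            ssl: true
            opts: ['http2', 'default_server']
          v4:
            ip: ''  # empty: no specific IPv4 address is pinned
            port: 443
            ssl: true
            opts: ['http2', 'default_server']
        ssl:
          cert: "{{ tls_cert }}"
          key: "{{ tls_key }}"
        server_name: "{{ ansible_fqdn }}"
        error_page: /usr/share/nginx/html
        access_log:
          - name: main
            location: /var/log/nginx/access.log
        error_log:
          location: /var/log/nginx/error.log
          level: warn
        root: "{{ mirrormanager_dir }}"
        web_server:
          locations:
            default:
              location: /
              # The backend is reached over plain HTTP on localhost:3000.
              # NOTE(review): confirm the application binds only to
              # loopback, so nginx is the sole externally reachable
              # entry point.
              custom_options:
                - "proxy_pass http://localhost:3000/;"
          http_demo_conf: false
...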