authorMitch Riedstra <mitch@riedstra.us>2020-11-13 18:31:22 -0500
committerMitch Riedstra <mitch@riedstra.us>2020-11-13 18:31:22 -0500
commit69eb712a78868c624ae7030e7ccde41c9719ac3d (patch)
treef7f53c8ee4d09bffd10188a0e1f34b7f6d830f26
parent1cf051de9e5efc7b1c7cced80d853c668fa7d608 (diff)
downloadnginx-69eb712a78868c624ae7030e7ccde41c9719ac3d.tar.gz
nginx-69eb712a78868c624ae7030e7ccde41c9719ac3d.tar.xz
Change how the configuration is written to the servers
-rw-r--r--defaults/main.yml88
-rw-r--r--tasks/main.yml51
-rw-r--r--templates/nginx/acl9
-rw-r--r--templates/nginx/acme-challenge1
-rw-r--r--templates/nginx/nginx.conf49
5 files changed, 93 insertions, 105 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index f7bc1b7..f6382fd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,4 @@
-nginx_worker_processes: 1
-nginx_worker_connections: 1024
-
+---
# These need to be strings to be parsed properly
nginx_conf_dir_mode: '0770'
nginx_conf_file_mode: '0640'
@@ -8,19 +6,8 @@ nginx_conf_file_mode: '0640'
nginx_conf_owner: root
nginx_conf_group: adm
-# RFC 1918 addresses are already included. Inserted directly into
-# nginx configuration with an `include`
-nginx_acl_block: ""
-
nginx_conf_dir: "/etc/nginx"
-nginx_acme_challenge_block: |
- location /.well-known/acme-challenge {
- # This works for acmetool. If using letsencrypt change 'alias' to 'root'
- alias /var/run/acme/acme-challenge/;
- # alias /var/lib/acme-challenge;
- }
-
# The default server listens on port 80 normally, you can change that if you
# like
@@ -29,6 +16,27 @@ nginx_default_listen: |
listen [::]:80;
+nginx_includes:
+ acl: |
+ # RFC 1918 addresses
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ allow 10.0.0.0/8;
+ allow 127.0.0.0/8;
+ deny all;
+
+nginx_confd:
+ node_exporter.conf: |
+ server {
+ listen 49050;
+ listen [::]:49050;
+
+ location / {
+ include acl;
+ proxy_pass http://127.0.0.1:9100;
+ }
+ }
+
nginx_robots:
- name: allow
robots_txt: |
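Review bot: The default `nginx_confd` puts a `node_exporter.conf` listener on port 49050, on every interface, onto every host that applies this role, and the only control in front of the metrics is the address list in `acl`. That list admits all RFC 1918 ranges, so any peer on a private network reaches the exporter over plain HTTP, and a NAT or proxy in front of the host may make outside clients appear as private addresses. Defaulting to `nginx_confd: {}` and documenting the node_exporter block as an opt-in example would keep the role from opening a port nobody asked for. The comment `# RFC 1918 addresses` no longer matches the list now that `allow 127.0.0.0/8;` is in it; `# RFC 1918 private ranges plus loopback` would be accurate.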
@@ -45,6 +53,52 @@ nginx_robots:
User-agent: *
Disallow: /
-# If "True" it will template out {{ansible_hostname}}/nginx/nginx.conf instead
-# of nginx/nginx.conf
-nginx_custom_template: False
+nginx_conf: |
+ worker_processes auto;
+
+ events {
+ worker_connections 1024;
+ }
+
+
+ http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ gzip on;
+
+ server_tokens off;
+
+ server {
+ {{nginx_default_listen}}
+ server_name localhost;
+
+ include acme-challenge;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ location /stub_status {
+ stub_status;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+
+ include conf.d/*.conf;
+
+ }
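Review bot: `include acme-challenge;` is kept in the new `nginx_conf` default, but this commit deletes `templates/nginx/acme-challenge` and the `nginx_acme_challenge_block` default, and the default `nginx_includes` defines only `acl`. nginx treats a missing non-wildcard include as a configuration error, so a freshly provisioned host would likely fail to start nginx, while an already provisioned host keeps using whatever stale `acme-challenge` file is on disk. Either add an `acme-challenge: |` key to the default `nginx_includes` carrying the old location block, or drop the include line from `nginx_conf`. Hosts that set `nginx_worker_processes` or `nginx_worker_connections` are now silently ignored, which deserves a line in the role's documentation.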
diff --git a/tasks/main.yml b/tasks/main.yml
index 6f0d944..225662f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,15 +18,7 @@
- "{{nginx_conf_dir}}/conf.d"
tags:
- conf
-- name: Create Acme Challenge directory
- file:
- path: /var/lib/acme-challenge
- state: directory
- owner: "{{nginx_conf_owner}}"
- group: "{{nginx_conf_group}}"
- mode: "0755"
- tags:
- - conf
+
- name: Create Robots directory
file:
path: /var/lib/nginx-robots
@@ -69,44 +61,45 @@
tags:
- robots
- conf
-- name: Install Main 'nginx.conf'
- template:
- src: nginx/nginx.conf
+
+- name: Install 'nginx.conf'
+ copy:
+ content: '{{nginx_conf}}'
dest: "{{nginx_conf_dir}}/nginx.conf"
owner: "{{nginx_conf_owner}}"
group: "{{nginx_conf_group}}"
mode: "{{nginx_conf_file_mode}}"
- when: not nginx_custom_template
notify:
- Restart Nginx
tags:
- conf
-- name: Install custom 'nginx.conf'
- template:
- src: "{{ansible_hostname}}/nginx/nginx.conf"
- dest: "{{nginx_conf_dir}}/nginx.conf"
+
+- name: Install Nginx Snippets
+ copy:
+ content: '{{item.value}}'
+ dest: "{{nginx_conf_dir}}/{{item.key}}"
owner: "{{nginx_conf_owner}}"
group: "{{nginx_conf_group}}"
mode: "{{nginx_conf_file_mode}}"
- when: nginx_custom_template
- notify:
- - Restart Nginx
+ loop: '{{nginx_includes | dict2items}}'
+ when: 'nginx_includes is defined'
+ notify: Restart Nginx
tags:
- conf
-- name: Install Other Nginx templates
- template:
- src: "nginx/{{item}}"
- dest: "{{nginx_conf_dir}}/{{item}}"
+
+- name: Install Nginx conf.d entires
+ copy:
+ content: '{{item.value}}'
+ dest: "{{nginx_conf_dir}}/conf.d/{{item.key}}"
owner: "{{nginx_conf_owner}}"
group: "{{nginx_conf_group}}"
mode: "{{nginx_conf_file_mode}}"
- loop:
- - acme-challenge
- - acl
- notify:
- - Restart Nginx
+ loop: '{{nginx_confd | dict2items}}'
+ when: 'nginx_confd is defined'
+ notify: Restart Nginx
tags:
- conf
+
- name: Install Htpasswd
copy:
src: '{{nginx_htpasswd}}'
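Review bot: Entries dropped from `nginx_confd` or `nginx_includes` are never removed from the host, because the new loops in "Install Nginx Snippets" and "Install Nginx conf.d entires" only write files; a server block deleted from inventory stays active through `include conf.d/*.conf` until someone removes it by hand. A follow-up task that lists `{{nginx_conf_dir}}/conf.d` and deletes files whose names are not keys of `nginx_confd` would close that gap. The `when: 'nginx_confd is defined'` guards also do not protect the loop, since Ansible evaluates the `loop` expression before the per-item `when`; `loop: '{{nginx_confd | default({}) | dict2items}}'` (and the same for `nginx_includes`) handles the undefined case. `item.key` goes straight into `dest`, so a key containing a path separator would write outside the intended directory; a short comment above each task saying keys must be bare file names would help. The task name has a typo, "entires" for "entries".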
diff --git a/templates/nginx/acl b/templates/nginx/acl
deleted file mode 100644
index ad33e0a..0000000
--- a/templates/nginx/acl
+++ /dev/null
@@ -1,9 +0,0 @@
-# RFC 1918 addresses
-allow 172.16.0.0/12;
-allow 192.168.0.0/16;
-allow 10.0.0.0/8;
-
-{{nginx_acl_block}}
-
-deny all;
-
diff --git a/templates/nginx/acme-challenge b/templates/nginx/acme-challenge
deleted file mode 100644
index 354dd99..0000000
--- a/templates/nginx/acme-challenge
+++ /dev/null
@@ -1 +0,0 @@
-{{nginx_acme_challenge_block}}
diff --git a/templates/nginx/nginx.conf b/templates/nginx/nginx.conf
deleted file mode 100644
index 08765d7..0000000
--- a/templates/nginx/nginx.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-worker_processes {{nginx_worker_processes}};
-
-events {
- worker_connections {{nginx_worker_connections}};
-}
-
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
-
- gzip on;
-
- server_tokens off;
-
- server {
- {{nginx_default_listen}}
- server_name localhost;
-
- include acme-challenge;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- location /stub_status {
- stub_status;
- access_log off;
- allow 127.0.0.1;
- deny all;
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- }
-
- include conf.d/*.conf;
-
-}
-