From 239de28c120ffe4ff84d35eabe49d20d77e232d1 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 6 Apr 2026 03:49:54 +0000 Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20playbook2=5Fweb.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- playbook2_web.yml | 95 ++++++++++++++--------------------------------- 1 file changed, 28 insertions(+), 67 deletions(-) diff --git a/playbook2_web.yml b/playbook2_web.yml index 3fa9c91..68ce5d9 100644 --- a/playbook2_web.yml +++ b/playbook2_web.yml @@ -1,10 +1,8 @@ --- -- name: Configure Angie Web Server +- name: Configure Angie Web Server (ALT Linux) hosts: server become: true vars: - angie_repo_key: "https://angie.software/keys/angie-release-key.gpg" - angie_repo: "https://angie.software/packages/debian/dists/stable/main/binary-$(ARCH)/" ssl_cert_path: "/etc/angie/ssl/www.au.team.crt" ssl_key_path: "/etc/angie/ssl/www.au.team.key" server_name: "www.au.team" @@ -12,36 +10,19 @@ listen_port_https: 443 tasks: - - name: Install prerequisites for Angie repo - ansible.builtin.apt: - name: - - gnupg - - ca-certificates - - curl - - apt-transport-https - state: present - update_cache: true - tags: angie + - name: Update package cache (ALT Linux) + ansible.builtin.command: + cmd: apt-rpm update + changed_when: false + tags: + - angie - - name: Add Angie GPG key - ansible.builtin.apt_key: - url: "{{ angie_repo_key }}" - state: present - tags: angie - - - name: Add Angie repository - ansible.builtin.apt_repository: - repo: "deb [arch=amd64] https://angie.software/packages/debian stable main" - state: present - filename: angie - tags: angie - - - name: Install Angie web server - ansible.builtin.apt: + - name: Install Angie web server (ALT Linux) + ansible.builtin.package: name: angie state: present - update_cache: true - tags: angie + tags: + - angie - name: Create SSL directory ansible.builtin.file: @@ -50,7 +31,8 @@ mode: '0755' owner: root group: root - tags: ssl + tags: + - ssl - name: Generate self-signed SSL certificate ansible.builtin.command: @@ -61,7 +43,8 @@ -subj "/C=RU/ST=Moscow/L=Moscow/O=AU Team/CN={{ server_name }}" creates: "{{ ssl_cert_path }}" notify: Reload angie - tags: ssl + tags: + - ssl - name: Set proper permissions for SSL key ansible.builtin.file: @@ -69,19 +52,21 @@ mode: '0600' owner: root group: root - tags: ssl + tags: + - ssl - name: Create index.html with server name ansible.builtin.copy: content: "{{ inventory_hostname }} by Angie!\n" dest: /var/www/html/index.html mode: '0644' - owner: www-data - group: www-data - tags: web + owner: root + group: root + tags: + - web - name: Configure Angie vhost with HTTPS and HTTP redirect - ansible.builtin.template: + ansible.builtin.copy: content: | # HTTP server - redirect to HTTPS server { @@ -110,49 +95,25 @@ try_files $uri $uri/ =404; } - # Add HSTS header add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; } - dest: /etc/angie/sites-available/www.au.team.conf + dest: /etc/angie/conf.d/www.au.team.conf mode: '0644' backup: true notify: Reload angie - tags: web - - - name: Enable site configuration - ansible.builtin.file: - src: /etc/angie/sites-available/www.au.team.conf - dest: /etc/angie/sites-enabled/www.au.team.conf - state: link - notify: Reload angie - tags: web - - - name: Disable default site if exists - ansible.builtin.file: - path: /etc/angie/sites-enabled/default - state: absent - notify: Reload angie - tags: web - - - name: Add www.au.team to /etc/hosts for local resolution - ansible.builtin.lineinfile: - path: /etc/hosts - regexp: '^127\.0\.1\.1\s+www\.au\.team' - line: "127.0.1.1 {{ server_name }}" - state: present - tags: dns + tags: + - web - name: Enable and start Angie service ansible.builtin.systemd: name: angie enabled: true state: started - daemon_reload: true - tags: angie + tags: + - angie handlers: - name: Reload angie ansible.builtin.systemd: name: angie - state: reloaded - daemon_reload: true \ No newline at end of file + state: reloaded \ No newline at end of file