Обновить playbook2_web.yml

playbook2_web.yml

@@ -1,10 +1,8 @@
 ---
-- name: Configure Angie Web Server
+- name: Configure Angie Web Server (ALT Linux)
   hosts: server
   become: true
   vars:
-    angie_repo_key: "https://angie.software/keys/angie-release-key.gpg"
-    angie_repo: "https://angie.software/packages/debian/dists/stable/main/binary-$(ARCH)/"
     ssl_cert_path: "/etc/angie/ssl/www.au.team.crt"
     ssl_key_path: "/etc/angie/ssl/www.au.team.key"
     server_name: "www.au.team"
@@ -12,36 +10,19 @@
     listen_port_https: 443
 
   tasks:
-    - name: Install prerequisites for Angie repo
-      ansible.builtin.apt:
-        name:
-          - gnupg
-          - ca-certificates
-          - curl
-          - apt-transport-https
-        state: present
-        update_cache: true
-      tags: angie
+    - name: Update package cache (ALT Linux)
+      ansible.builtin.command:
+        cmd: apt-rpm update
+      changed_when: false
+      tags:
+        - angie
 
-    - name: Add Angie GPG key
-      ansible.builtin.apt_key:
-        url: "{{ angie_repo_key }}"
-        state: present
-      tags: angie
-
-    - name: Add Angie repository
-      ansible.builtin.apt_repository:
-        repo: "deb [arch=amd64] https://angie.software/packages/debian stable main"
-        state: present
-        filename: angie
-      tags: angie
-
-    - name: Install Angie web server
-      ansible.builtin.apt:
+    - name: Install Angie web server (ALT Linux)
+      ansible.builtin.package:
         name: angie
         state: present
-        update_cache: true
-      tags: angie
+      tags:
+        - angie
 
     - name: Create SSL directory
       ansible.builtin.file:
@@ -50,7 +31,8 @@
         mode: '0755'
         owner: root
         group: root
-      tags: ssl
+      tags:
+        - ssl
 
     - name: Generate self-signed SSL certificate
       ansible.builtin.command:
@@ -61,7 +43,8 @@
           -subj "/C=RU/ST=Moscow/L=Moscow/O=AU Team/CN={{ server_name }}"
         creates: "{{ ssl_cert_path }}"
       notify: Reload angie
-      tags: ssl
+      tags:
+        - ssl
 
     - name: Set proper permissions for SSL key
       ansible.builtin.file:
@@ -69,19 +52,21 @@
         mode: '0600'
         owner: root
         group: root
-      tags: ssl
+      tags:
+        - ssl
 
     - name: Create index.html with server name
       ansible.builtin.copy:
         content: "{{ inventory_hostname }} by Angie!\n"
         dest: /var/www/html/index.html
         mode: '0644'
-        owner: www-data
-        group: www-data
-      tags: web
+        owner: root
+        group: root
+      tags:
+        - web
 
     - name: Configure Angie vhost with HTTPS and HTTP redirect
-      ansible.builtin.template:
+      ansible.builtin.copy:
         content: |
           # HTTP server - redirect to HTTPS
           server {
@@ -110,49 +95,25 @@
                   try_files $uri $uri/ =404;
               }
 
-              # Add HSTS header
               add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
           }
-        dest: /etc/angie/sites-available/www.au.team.conf
+        dest: /etc/angie/conf.d/www.au.team.conf
         mode: '0644'
         backup: true
       notify: Reload angie
-      tags: web
-
-    - name: Enable site configuration
-      ansible.builtin.file:
-        src: /etc/angie/sites-available/www.au.team.conf
-        dest: /etc/angie/sites-enabled/www.au.team.conf
-        state: link
-      notify: Reload angie
-      tags: web
-
-    - name: Disable default site if exists
-      ansible.builtin.file:
-        path: /etc/angie/sites-enabled/default
-        state: absent
-      notify: Reload angie
-      tags: web
-
-    - name: Add www.au.team to /etc/hosts for local resolution
-      ansible.builtin.lineinfile:
-        path: /etc/hosts
-        regexp: '^127\.0\.1\.1\s+www\.au\.team'
-        line: "127.0.1.1 {{ server_name }}"
-        state: present
-      tags: dns
+      tags:
+        - web
 
     - name: Enable and start Angie service
       ansible.builtin.systemd:
         name: angie
         enabled: true
         state: started
-        daemon_reload: true
-      tags: angie
+      tags:
+        - angie
 
   handlers:
     - name: Reload angie
       ansible.builtin.systemd:
         name: angie
-        state: reloaded
-        daemon_reload: true
+        state: reloaded