--- # The home-server project produces a multi-purpose setup using Ansible. # Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license. # Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing. ### UPSTREAM BEGIN ⇒ ### - name: pull prerequisites from upstream include_role: name=etckeeper.inc allow_duplicates=true tasks_from=upstream.yml vars: msg: SSOwat ### ⇐ UPSTREAM BEGIN ### - name: install software package: name: "{{item}}" state: present with_items: - lua51-filesystem - name: install AUR software include_role: name: aur.inc allow_duplicates: true vars: packages: - lua51-lualdap-git - ssowat-git aur_user: git # USUALLY NOT UP-TO-DATE… :-( # - nginx-mainline-mod-ndk # - nginx-mainline-mod-lua ### UPSTREAM END ⇒ ### - name: merge upstream include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml vars: msg: SSOwat ### ⇐ UPSTREAM END ### - name: send the custom SSOwat configuration template: src: templates/conf.json.j2 dest: /etc/ssowat/conf.json group: http mode: 0640 - name: add the LUA language to Nginx copy: content: | load_module /usr/lib/nginx/modules/ndk_http_module.so; load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; dest: /etc/nginx/main.inc.d/ndk+lua.inc mode: 0644 notify: - restart nginx.service - name: init the SSO code in Nginx copy: content: | lua_shared_dict cache 10m; init_by_lua_file /etc/ssowat/init.lua; dest: /etc/nginx/conf.d/00_ssowat.conf group: http mode: 0640 notify: - restart nginx.service - name: enforce SSO checking for each request copy: content: | access_by_lua_file /etc/ssowat/access.lua; header_filter_by_lua_file /etc/ssowat/headers.lua; dest: /etc/nginx/inc.d/00_ssowat.https.inc group: http mode: 0640 notify: - restart nginx.service ### LOCAL COMMIT ⇒ ### - name: commit local changes include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml vars: msg: SSOwat ### ⇐ LOCAL COMMIT ### - meta: flush_handlers