First functional nginx version

roles/jenkins-php-v1/tasks/00_precheck.yml

@@ -18,3 +18,14 @@
   shell: etckeeper unclean && echo "Uncommitted changes." && return 1 || return 0
   changed_when: False
   when: etckeeper_installed
+
+# Autodetect if we can use HTTPS in Nginx and jenkinsUrl configs
+- name: Autodetect SSL - look up certificate existence on remote host
+  stat:
+    path: "{{ nginx_vhost_ssl_certificate_file }}"
+  register: result
+  when: nginx_vhost_ssl is undefined or nginx_vhost_ssl == None
+- name: Autodetect SSL - set fact
+  set_fact:
+    nginx_vhost_ssl: "{{ result.stat.exists is defined and result.stat.exists }}"
+  when: nginx_vhost_ssl is undefined or nginx_vhost_ssl == None

roles/jenkins-php-v1/tasks/40_configure-jenkins.yml

@@ -36,6 +36,19 @@
     - "jenkins.model.JenkinsLocationConfiguration.xml.j2"
   notify: safe-restart jenkins and wait
 
+- name: Upload ResourceDomainConfiguration.xml
+  template:
+    src: "{{ item }}"
+    dest: "{{ jenkins_home }}/jenkins.security.ResourceDomainConfiguration.xml"
+    owner: jenkins
+    group: jenkins
+    mode: 0644
+    backup: yes
+  with_first_found:
+    - "jenkins.security.ResourceDomainConfiguration.xml.{{ ansible_fqdn }}.j2"
+    - "jenkins.security.ResourceDomainConfiguration.xml.j2"
+  notify: safe-restart jenkins and wait
+
 # Generate a SSH RSA key pair if not already present
 # (we do it without the Ansible module which is only available starting 2.8)
 # (and we don't use become/become_user because it fails with a permission denied on /tmp/.ansible...)

roles/jenkins-php-v1/tasks/60_install-nginx-proxy.yml

@@ -0,0 +1,49 @@
+---
+
+
+- name: Install NginX
+  apt:
+    name:
+      - nginx-light
+    state: present
+
+- name: Upload the nginx vhosts template
+  template:
+    src: "{{ item }}"
+    dest: /etc/nginx/sites-available/jenkins
+    owner: root
+    group: root
+    backup: yes
+    force: yes
+  with_first_found:
+    - "nginx-vhost.{{ ansible_fqdn }}.j2"
+    - "nginx-vhost.j2"
+  register: tmp
+  notify: reload nginx
+- name: Etckeeper - commit
+  command: "etckeeper commit 'Ansible/nginx: maintaining Jenkins vhost'"
+  when: tmp.changed and etckeeper_installed
+
+- name: Activate nginx vhost
+  file:
+    src: /etc/nginx/sites-available/jenkins
+    dest: /etc/nginx/sites-enabled/jenkins
+    state: link
+  register: tmp
+  notify: reload nginx
+- name: Etckeeper - commit
+  command: "etckeeper commit 'Ansible/nginx: activating Jenkins vhost'"
+  when: tmp.changed and etckeeper_installed
+
+- name: Make Jenkins only listen to loopback network interface
+  ini_file:
+    path: /etc/default/jenkins
+    section:
+    option: JENKINS_ARGS
+    value: '"--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"'
+    no_extra_spaces: yes
+  register: tmp
+  notify: restart jenkins
+- name: Etckeeper - commit
+  command: "etckeeper commit 'Ansible/jenkins: maintaining /etc/default/jenkins'"
+  when: tmp.changed and etckeeper_installed

roles/jenkins-php-v1/tasks/main.yml

@@ -39,3 +39,6 @@
 
 - include_tasks: roles/jenkins-php-v1/tasks/50_create-jobs.yml
   when: gogogo
+
+- include_tasks: roles/jenkins-php-v1/tasks/60_install-nginx-proxy.yml
+  when: gogogo