From 33186a15cccac0d55a2d373534c069228a71be35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?= <frass@greenscale.de>
Date: Sat, 16 Dec 2023 15:15:35 +0100
Subject: [PATCH] [add] role:hedgedoc-and-nginx

---
 .../hedgedoc-and-nginx/defaults/main.json     |  3 ++
 ansible/roles/hedgedoc-and-nginx/info.md      |  8 +++++
 .../roles/hedgedoc-and-nginx/tasks/main.json  | 35 +++++++++++++++++++
 .../hedgedoc-and-nginx/templates/conf.j2      | 32 +++++++++++++++++
 4 files changed, 78 insertions(+)
 create mode 100644 ansible/roles/hedgedoc-and-nginx/defaults/main.json
 create mode 100644 ansible/roles/hedgedoc-and-nginx/info.md
 create mode 100644 ansible/roles/hedgedoc-and-nginx/tasks/main.json
 create mode 100644 ansible/roles/hedgedoc-and-nginx/templates/conf.j2

diff --git a/ansible/roles/hedgedoc-and-nginx/defaults/main.json b/ansible/roles/hedgedoc-and-nginx/defaults/main.json
new file mode 100644
index 0000000..840159e
--- /dev/null
+++ b/ansible/roles/hedgedoc-and-nginx/defaults/main.json
@@ -0,0 +1,3 @@
+{
+	"var_hedgedoc_and_nginx_domain": "hedgedoc.example.org"
+}
diff --git a/ansible/roles/hedgedoc-and-nginx/info.md b/ansible/roles/hedgedoc-and-nginx/info.md
new file mode 100644
index 0000000..7437bf0
--- /dev/null
+++ b/ansible/roles/hedgedoc-and-nginx/info.md
@@ -0,0 +1,8 @@
+## Beschreibung
+
+Um [Hedgedoc](../hedgedoc) mit mittels [nginx](../nginx)-reverse-proxy laufen zu lassen
+
+
+## Verweise
+
+- [Hedgedoc-Dokumentation](https://docs.hedgedoc.org/guides/reverse-proxy/#nginx)
diff --git a/ansible/roles/hedgedoc-and-nginx/tasks/main.json b/ansible/roles/hedgedoc-and-nginx/tasks/main.json
new file mode 100644
index 0000000..40614bb
--- /dev/null
+++ b/ansible/roles/hedgedoc-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+	{
+		"name": "deactivate default site",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "absent",
+			"dest": "/etc/nginx/sites-enabled/default"
+		}
+	},
+	{
+		"name": "emplace configuration | data",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "/etc/nginx/sites-available/{{var_hedgedoc_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "emplace configuration | link",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "link",
+			"src": "/etc/nginx/sites-available/{{var_hedgedoc_and_nginx_domain}}",
+			"dest": "/etc/nginx/sites-enabled/{{var_hedgedoc_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "restart nginx",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "nginx"
+		}
+	}
+]
diff --git a/ansible/roles/hedgedoc-and-nginx/templates/conf.j2 b/ansible/roles/hedgedoc-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..0760df4
--- /dev/null
+++ b/ansible/roles/hedgedoc-and-nginx/templates/conf.j2
@@ -0,0 +1,32 @@
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	'' close;
+}
+
+server {
+	server_name {{var_hedgedoc_and_nginx_domain}};
+	
+	listen [::]:443 ssl http2;
+	listen 443 ssl http2;
+	
+	ssl_certificate /etc/ssl/certs/{{var_hedgedoc_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{var_hedgedoc_and_nginx_domain}}.pem;
+	
+	location / {
+		proxy_pass http://localhost:3000;
+		proxy_set_header Host $host; 
+		proxy_set_header X-Real-IP $remote_addr; 
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
+		proxy_set_header X-Forwarded-Proto $scheme;
+	}
+	
+	location /socket.io/ {
+		proxy_pass http://localhost:3000;
+		proxy_set_header Host $host; 
+		proxy_set_header X-Real-IP $remote_addr; 
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection $connection_upgrade;
+	}
+}