From 37a5b0cb7bcc161e0a3047d746e3534848607a62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 4 Jul 2024 23:00:25 +0200
Subject: [PATCH] [mod] role:owncloud-and-nginx:tls switch
---
 roles/owncloud-and-nginx/defaults/main.json | 3 ++-
 roles/owncloud-and-nginx/templates/conf.j2 | 25 +++++++++++++++++----
 roles/owncloud-and-nginx/vardef.json | 16 +++++++++++++
 3 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 roles/owncloud-and-nginx/vardef.json
diff --git a/roles/owncloud-and-nginx/defaults/main.json b/roles/owncloud-and-nginx/defaults/main.json
index c9d2b8f..72f31e1 100644
--- a/roles/owncloud-and-nginx/defaults/main.json
+++ b/roles/owncloud-and-nginx/defaults/main.json
@@ -1,3 +1,4 @@
 {
- "var_owncloud_and_nginx_domain": "owncloud.example.org"
+ "var_owncloud_and_nginx_domain": "owncloud.example.org",
+ "var_owncloud_and_nginx_tls_mode": "enable"
 }
diff --git a/roles/owncloud-and-nginx/templates/conf.j2 b/roles/owncloud-and-nginx/templates/conf.j2
index 77e4eaf..80fb668 100644
--- a/roles/owncloud-and-nginx/templates/conf.j2
+++ b/roles/owncloud-and-nginx/templates/conf.j2
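Review bot: The default added in defaults/main.json, `"var_owncloud_and_nginx_tls_mode": "enable"`, keeps ownCloud reachable over plain HTTP on port 80, because the template's `else` branch proxies port-80 requests straight to the backend. Logins and session cookies sent to the http:// URL then cross the network unencrypted unless each deployment overrides the value. Shipping `"var_owncloud_and_nginx_tls_mode": "force"` as the default would make redirect-to-HTTPS the out-of-the-box layout and leave `enable` as an explicit opt-in. The old template also answered on port 80, so this may be a deliberate compatibility choice; if so, it deserves a sentence in the role's documentation.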
@@ -1,16 +1,33 @@
+{% macro owncloud_common() %}
+ location / {
+ proxy_pass http://localhost:9200;
+ }
+{% endmacro %}
+
 server {
 listen 80;
 listen [::]:80;
+
+ server_name {{var_owncloud_and_nginx_domain}};
+
+{% if var_owncloud_and_nginx_tls_mode == 'force' %}
+ return 301 https://$http_host$request_uri;
+{% else %}
+ {{ owncloud_common() }}
+{% endif %}
+}
+
+{% if var_owncloud_and_nginx_tls_mode != 'disable' %}
+server {
 listen 443 ssl;
 listen [::]:443 ssl;
 server_name {{var_owncloud_and_nginx_domain}};
- ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
 ssl_certificate_key /etc/ssl/private/{{var_owncloud_and_nginx_domain}}.pem;
+ ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
 include /etc/nginx/ssl-hardening.conf;
- location / {
- proxy_pass http://localhost:9200;
- }
+ {{ owncloud_common() }}
 }
+{% endif %}
diff --git a/roles/owncloud-and-nginx/vardef.json b/roles/owncloud-and-nginx/vardef.json
new file mode 100644
index 0000000..78b56a8
--- /dev/null
+++ b/roles/owncloud-and-nginx/vardef.json
@@ -0,0 +1,16 @@
+
+{
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "tls_mode": {
+ "type": "string",
+ "options": [
+ "disable",
+ "enable",
+ "force"
+ ],
+ "mandatory": false
+ }
+}
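Review bot: In the `force` branch of the port-80 server in conf.j2, `return 301 https://$http_host$request_uri;` builds the redirect target from the client-supplied Host header. If this block ends up as the default server for port 80 (no other vhost is visible in this diff), a request carrying an arbitrary Host is redirected to that host, and a request without a Host header gets a malformed Location. The domain is already known at template time, so `return 301 https://{{var_owncloud_and_nginx_domain}}$request_uri;` removes the dependency on request data. Whether the 443 side sends HSTS depends on /etc/nginx/ssl-hardening.conf, which is outside this diff; without it the first plain-HTTP request in `force` mode is still exposed to downgrade.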
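Review bot: The `options` list for `tls_mode` in vardef.json is not enforced by anything visible in this commit, because conf.j2 tests only `== 'force'` and `!= 'disable'`. A misspelled value such as `"forced"` or `"disabled"` therefore silently renders the `enable` layout, with the plaintext proxy on port 80 next to the TLS server block. If vardef.json is not already checked by tooling outside this diff, the role should fail before templating when the value is not one of the three options. Assuming this is an Ansible role, an `assert` task with `that: var_owncloud_and_nginx_tls_mode in ['disable', 'enable', 'force']` would do it.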