From 512b36be8216115107a324456b173566cbdff133 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Wed, 20 Mar 2024 20:54:12 +0100
Subject: [PATCH] [add] role:gitlab-and-nginx
---
.../roles/gitlab-and-nginx/defaults/main.json | 4 +++
.../roles/gitlab-and-nginx/tasks/main.json | 35 +++++++++++++++++++
.../roles/gitlab-and-nginx/templates/conf.j2 | 35 +++++++++++++++++++
3 files changed, 74 insertions(+)
create mode 100644 ansible/roles/gitlab-and-nginx/defaults/main.json
create mode 100644 ansible/roles/gitlab-and-nginx/tasks/main.json
create mode 100644 ansible/roles/gitlab-and-nginx/templates/conf.j2
diff --git a/ansible/roles/gitlab-and-nginx/defaults/main.json b/ansible/roles/gitlab-and-nginx/defaults/main.json
new file mode 100644
index 0000000..6bffbd7
--- /dev/null
+++ b/ansible/roles/gitlab-and-nginx/defaults/main.json
@@ -0,0 +1,4 @@
+{
+ "var_gitlab_and_nginx_domain": "element.example.org",
+ "var_gitlab_and_nginx_path": "/opt/element"
+}
diff --git a/ansible/roles/gitlab-and-nginx/tasks/main.json b/ansible/roles/gitlab-and-nginx/tasks/main.json
new file mode 100644
index 0000000..7fc22b8
--- /dev/null
+++ b/ansible/roles/gitlab-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_gitlab_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_gitlab_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_gitlab_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
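Review bot: Both defaults in defaults/main.json read as carried over from a role for a different service: the domain defaults to `element.example.org` and the path to `/opt/element`, although the role is gitlab-and-nginx. Within this patch `var_gitlab_and_nginx_path` is referenced by neither tasks/main.json nor templates/conf.j2, so it could be dropped. A neutral default such as `"var_gitlab_and_nginx_domain": "gitlab.example.org"` would avoid rendering a vhost and certificate paths for the wrong name when the inventory omits the variable.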
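Review bot: The final task in tasks/main.json restarts nginx on every run and without a prior syntax check, so an invalid rendered site file (for example one pointing at a certificate that does not exist yet under /etc/ssl) leaves the web server stopped rather than failing the play early. A `nginx -t` task placed directly before "restart nginx", as sketched below, keeps the running instance up when the new configuration is broken. The template task also sets no ownership or permissions; adding `"owner": "root", "group": "root", "mode": "0644"` inside `ansible.builtin.template` would make the result independent of the umask.

```json
  {
    "name": "check configuration",
    "become": true,
    "ansible.builtin.command": {
      "argv": ["nginx", "-t"]
    },
    "changed_when": false
  },
```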
diff --git a/ansible/roles/gitlab-and-nginx/templates/conf.j2 b/ansible/roles/gitlab-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..79d1004
--- /dev/null
+++ b/ansible/roles/gitlab-and-nginx/templates/conf.j2
@@ -0,0 +1,35 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 ipv6only=on default_server;
+
+ server_name {{var_gitlab_and_nginx_domain}};
+
+ return 301 https://$server_name$request_uri; access_log /var/log/nginx/gitlab_access.log;
+
+ error_log /var/log/nginx/gitlab_error.log;
+}
+
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ipv6only=on ssl default_server;
+
+ server_name {{var_gitlab_and_nginx_domain}};
+
+ ssl_certificate /etc/ssl/fullchains/{{var_gitlab_and_nginx_domain}}.pem;
+ ssl_certificate_key /etc/ssl/private/{{var_gitlab_and_nginx_domain}}.pem;
+
+ server_tokens off; location ~ /.well-known {
+ allow all;
+ }
+
+ location / {
+ proxy_pass http://localhost:8081;
+ proxy_redirect off;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Url-Scheme $scheme;
+ }
+}
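Review bot: In the 443 server block, `default_server` combined with `proxy_set_header Host $http_host;` forwards whatever Host header the client sent to the backend on localhost:8081, for any name that reaches this machine. If the backend derives links or redirects from that header, pinning it with `proxy_set_header Host $server_name;` (or dropping `default_server` and adding a separate catch-all server that rejects unknown names) closes that path. Separately, `location ~ /.well-known` is an unanchored regex with no `root` or `proxy_pass`, so it takes precedence over `location /` for every URI containing that pattern and is served from nginx's default root instead of being proxied. A prefix match such as `location ^~ /.well-known/acme-challenge/` with an explicit `root` would be narrower.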