From bacbc78b2e1f59ee6b0f486af92154e2fb883b8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Mon, 30 Dec 2024 13:35:31 +0100
Subject: [PATCH] [add] tandoor-and-nginx
---
 roles/tandoor-and-nginx/defaults/main.json | 5 +++
 roles/tandoor-and-nginx/info.md | 4 ++
 roles/tandoor-and-nginx/tasks/main.json | 35 ++++++++++++++++++
 roles/tandoor-and-nginx/templates/conf.j2 | 43 ++++++++++++++++++++++
 roles/tandoor-and-nginx/vardef.json | 19 ++++++++++
 5 files changed, 106 insertions(+)
 create mode 100644 roles/tandoor-and-nginx/defaults/main.json
 create mode 100644 roles/tandoor-and-nginx/info.md
 create mode 100644 roles/tandoor-and-nginx/tasks/main.json
 create mode 100644 roles/tandoor-and-nginx/templates/conf.j2
 create mode 100644 roles/tandoor-and-nginx/vardef.json
diff --git a/roles/tandoor-and-nginx/defaults/main.json b/roles/tandoor-and-nginx/defaults/main.json
new file mode 100644
index 0000000..bdfe332
--- /dev/null
+++ b/roles/tandoor-and-nginx/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_tandoor_and_nginx_domain": "tandoor.example.org",
+ "var_tandoor_and_nginx_port": 1256,
+ "var_tandoor_and_nginx_tls_mode": "force"
+}
diff --git a/roles/tandoor-and-nginx/info.md b/roles/tandoor-and-nginx/info.md
new file mode 100644
index 0000000..f8798d6
--- /dev/null
+++ b/roles/tandoor-and-nginx/info.md
@@ -0,0 +1,4 @@
+## Verweise
+
+- [Tandoor-Dokumentation | nginx](https://docs.tandoor.dev/install/manual/#nginx)
+
diff --git a/roles/tandoor-and-nginx/tasks/main.json b/roles/tandoor-and-nginx/tasks/main.json
new file mode 100644
index 0000000..5519556
--- /dev/null
+++ b/roles/tandoor-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_tandoor_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_tandoor_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_tandoor_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/tandoor-and-nginx/templates/conf.j2 b/roles/tandoor-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..1fb4ab3
--- /dev/null
+++ b/roles/tandoor-and-nginx/templates/conf.j2
@@ -0,0 +1,43 @@
+{% macro tandoor_common() %}
+ location /static/ {
+ alias /var/www/recipes/staticfiles;
+ }
+
+ location /media/ {
+ alias /var/www/recipes/mediafiles;
+ }
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_pass http://unix:/var/www/recipes/recipes.sock;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+{% endmacro %}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{var_tandoor_and_nginx_domain}};
+
+{% if var_tandoor_and_nginx_tls_mode == 'force' %}
+ return 301 https://$http_host$request_uri;
+{% else %}
+{{ tandoor_common() }}
+{% endif %}
+}
+
+{% if var_tandoor_and_nginx_tls_mode != 'disable' %}
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{var_tandoor_and_nginx_domain}};
+
+ ssl_certificate_key /etc/ssl/private/{{var_tandoor_and_nginx_domain}}.pem;
+ ssl_certificate /etc/ssl/fullchains/{{var_tandoor_and_nginx_domain}}.pem;
+ include /etc/nginx/ssl-hardening.conf;
+
+{{ tandoor_common() }}
+}
+{% endif %}
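Review bot: The last task in tasks/main.json restarts nginx unconditionally and nothing checks the rendered file first, so a template or variable error in `conf.j2` can leave nginx down for every site on the host, and the restart happens on every run even when nothing changed. Add a syntax check between the link task and the restart, and prefer `"state": "reloaded"` so that a rejected configuration leaves the running workers serving. The template task also sets no `owner`, `group` or `mode`, so the new file's permissions presumably follow the umask on the target; stating `"owner": "root"` and `"mode": "0644"` pins them.

```json
  {
    "name": "validate configuration",
    "become": true,
    "ansible.builtin.command": {
      "cmd": "nginx -t"
    },
    "changed_when": false
  },
  {
    "name": "reload nginx",
    "become": true,
    "ansible.builtin.systemd_service": {
      "state": "reloaded",
      "name": "nginx"
    }
  }
```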
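Review bot: The port-80 redirect in conf.j2, `return 301 https://$http_host$request_uri;`, builds its target from the client-supplied Host header, and since tasks/main.json removes the default site this server block may end up as the catch-all for port 80, in which case a request carrying an arbitrary Host is answered with a redirect to that host. Redirect to the configured name instead: `return 301 https://{{var_tandoor_and_nginx_domain}}$request_uri;`. `proxy_set_header Host $http_host;` in the macro forwards the same unvalidated value, which leaves the backend's allowed-hosts setting as the only check on it, so that setting should be confirmed as restrictive. Separately, `location /static/` and `location /media/` end in a slash but their `alias` paths do not, and nginx substitutes the prefix literally, so `/static/x` would resolve to `/var/www/recipes/staticfilesx`; add the trailing slash to both `alias` lines.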
diff --git a/roles/tandoor-and-nginx/vardef.json b/roles/tandoor-and-nginx/vardef.json
new file mode 100644
index 0000000..882b53b
--- /dev/null
+++ b/roles/tandoor-and-nginx/vardef.json
@@ -0,0 +1,19 @@
+{
+ "domain": {
+ "mandatory": false,
+ "type": "string"
+ },
+ "port": {
+ "mandatory": false,
+ "type": "integer"
+ },
+ "tls_mode": {
+ "mandatory": false,
+ "type": "string",
+ "options": [
+ "disable",
+ "enable",
+ "force"
+ ]
+ }
+}
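Review bot: `port` is declared here and given the default 1256 in defaults/main.json, but no task or template line in this patch reads `var_tandoor_and_nginx_port`; conf.j2 proxies to the fixed socket `unix:/var/www/recipes/recipes.sock`. Either drop the variable from both files or wire it into the template, so that an operator who sets it is not led to believe the upstream has moved. `domain` is interpolated into paths under `/etc/nginx` and `/etc/ssl` and into `server_name` with no format constraint; if the vardef format supports one, restricting the value to hostname characters would keep a malformed entry out of those paths and out of the rendered configuration.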