roles:zeitbild_frontend_dali-and-nginx

2024-10-25 00:37:18 +02:00 · 2024-10-25 00:37:18 +02:00 · cf34edb95b
commit cf34edb95b
parent 839d65c2e2
4 changed files with 90 additions and 0 deletions
--- a/roles/zeitbild_frontend_dali-and-nginx/defaults/main.json
+++ b/roles/zeitbild_frontend_dali-and-nginx/defaults/main.json
@ -0,0 +1,5 @@
+{
+	"var_zeitbild_frontend_dali_and_nginx_domain": "zeitbild.example.org",
+	"var_zeitbild_frontend_dali_and_nginx_path": "/opt/dali",
+	"var_zeitbild_frontend_dali_and_nginx_tls_mode": "force"
+}
--- a/roles/zeitbild_frontend_dali-and-nginx/tasks/main.json
+++ b/roles/zeitbild_frontend_dali-and-nginx/tasks/main.json
@ -0,0 +1,35 @@
+[
+	{
+		"name": "deactivate default site",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "absent",
+			"dest": "/etc/nginx/sites-enabled/default"
+		}
+	},
+	{
+		"name": "emplace configuration | data",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "/etc/nginx/sites-available/{{var_zeitbild_frontend_dali_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "emplace configuration | link",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "link",
+			"src": "/etc/nginx/sites-available/{{var_zeitbild_frontend_dali_and_nginx_domain}}",
+			"dest": "/etc/nginx/sites-enabled/{{var_zeitbild_frontend_dali_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "restart nginx",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "nginx"
+		}
+	}
+]
--- a/roles/zeitbild_frontend_dali-and-nginx/templates/conf.j2
+++ b/roles/zeitbild_frontend_dali-and-nginx/templates/conf.j2
@ -0,0 +1,31 @@
+{% macro zeitbild_frontend_dali_common() %}
+root {{var_zeitbild_frontend_dali_and_nginx_path}};
+{% endmacro %}
+
+server {
+	server_name {{var_zeitbild_frontend_dali_and_nginx_domain}};
+	
+	listen 80;
+	listen [::]:80;
+
+{% if (var_zeitbild_frontend_dali_and_nginx_tls_mode == 'force') %}
+	return 301 https://$http_host$request_uri;
+{% else %}
+{{ zeitbild_frontend_dali_common() }}
+{% endif %}
+}
+
+{% if (var_zeitbild_frontend_dali_and_nginx_tls_mode != 'disable') %}
+server {
+	server_name {{var_zeitbild_frontend_dali_and_nginx_domain}};
+	
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	
+	ssl_certificate_key /etc/ssl/private/{{var_zeitbild_frontend_dali_and_nginx_domain}}.pem;
+	ssl_certificate /etc/ssl/fullchains/{{var_zeitbild_frontend_dali_and_nginx_domain}}.pem;
+	include /etc/nginx/ssl-hardening.conf;
+	
+{{ zeitbild_frontend_dali_common() }}
+}
+{% endif %}
--- a/roles/zeitbild_frontend_dali-and-nginx/vardef.json
+++ b/roles/zeitbild_frontend_dali-and-nginx/vardef.json
@ -0,0 +1,19 @@
+{
+	"domain": {
+		"mandatory": false,
+		"type": "string"
+	},
+	"port": {
+		"mandatory": false,
+		"type": "integer"
+	},
+	"tls_mode": {
+		"mandatory": false,
+		"type": "string",
+		"options": [
+			"disable",
+			"enable",
+			"force"
+		]
+	}
+}