From 646bfa4e85754aace928b4ecd02b067f416bede2 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Wed, 8 Nov 2023 22:30:41 +0100
Subject: [PATCH] Add initial nginx configuration
---
 host_vars/sapt-labp-app01.yml | 1 +
 host_vars/sapt-labp-app02.yml | 1 +
 host_vars/sapt-labs-app01.yml | 1 +
 host_vars/sapt-labs-app02.yml | 1 +
 roles/apps/defaults/main.yml | 6 ++++++
 roles/apps/tasks/extra_tasks/nginx.yml | 19 +++++++++++++++++++
 .../apps/templates/compose-files/ipfs.yml.j2 | 2 +-
 .../templates/compose-files/monerod.yml.j2 | 2 +-
 .../apps/templates/compose-files/nginx.yml.j2 | 17 +++++++++++++++++
 .../templates/compose-files/postfix.yml.j2 | 2 +-
 .../templates/nginx/conf.d/nextcloud.conf.j2 | 19 +++++++++++++++++++
 roles/common/tasks/base.yml | 2 +-
 12 files changed, 69 insertions(+), 4 deletions(-)
 create mode 100644 roles/apps/tasks/extra_tasks/nginx.yml
 create mode 100644 roles/apps/templates/compose-files/nginx.yml.j2
 create mode 100644 roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
diff --git a/host_vars/sapt-labp-app01.yml b/host_vars/sapt-labp-app01.yml
index 930ee3b..15555cc 100644
--- a/host_vars/sapt-labp-app01.yml
+++ b/host_vars/sapt-labp-app01.yml
@@ -5,6 +5,7 @@ fqdn: sapt-labp-app01.prod.servers.sapti.me
 private_ip: 10.2.16.10
 apps_include:
+ - nginx
 - postfix
 - nextcloud
 - restic
diff --git a/host_vars/sapt-labp-app02.yml b/host_vars/sapt-labp-app02.yml
index 1e818fd..7ab17ac 100644
--- a/host_vars/sapt-labp-app02.yml
+++ b/host_vars/sapt-labp-app02.yml
@@ -5,6 +5,7 @@ fqdn: sapt-labp-app02.prod.servers.sapti.me
 private_ip: 10.2.16.11
 apps_include:
+ - nginx
 - ipfs
 - monerod
 - snowflake
diff --git a/host_vars/sapt-labs-app01.yml b/host_vars/sapt-labs-app01.yml
index 30a1547..f2f3ba2 100644
--- a/host_vars/sapt-labs-app01.yml
+++ b/host_vars/sapt-labs-app01.yml
@@ -5,6 +5,7 @@ fqdn: sapt-labs-app01.stage.servers.sapti.me
 private_ip: 10.2.19.10
 apps_include:
+ - nginx
 - postfix
 - nextcloud
 - restic
diff --git a/host_vars/sapt-labs-app02.yml b/host_vars/sapt-labs-app02.yml
index 9a885a9..51996aa 100644
--- a/host_vars/sapt-labs-app02.yml
+++ b/host_vars/sapt-labs-app02.yml
@@ -5,6 +5,7 @@ fqdn: sapt-labs-app02.stage.servers.sapti.me
 private_ip: 10.2.19.11
 apps_include:
+ - nginx
 - ipfs
 - monerod
 - snowflake
diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml
index 930fa5d..c4fa704 100644
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@@ -8,6 +8,11 @@ apps_shared_docker_network: apps_network
 apps_postfix_docker_network: postfix_network
 apps_vars:
+ nginx:
+ backup: false
+ extra_tasks: true
+ version: 1.25.3-alpine-slim
+
 postfix:
 domain: smtp.{{ apps_base_domain }}
 backup: true
@@ -52,6 +57,7 @@ apps_vars:
 apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
 apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list }}"
+apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
 apps_sender_domains:
 - "{{ apps_vars.nextcloud.domain }}"
diff --git a/roles/apps/tasks/extra_tasks/nginx.yml b/roles/apps/tasks/extra_tasks/nginx.yml
new file mode 100644
index 0000000..27348b6
--- /dev/null
+++ b/roles/apps/tasks/extra_tasks/nginx.yml
@@ -0,0 +1,19 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create subfolder for nginx config files
+ ansible.builtin.file:
+ name: "{{ apps_data_root }}/nginx/data/conf.d"
+ owner: root
+ mode: u=rwx,g=rx,o=rx
+ state: directory
+
+- name: Copy nginx config for {{ app }}
+ ansible.builtin.template:
+ src: nginx/conf.d/{{ app }}.conf.j2
+ dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf"
+ owner: root
+ mode: u=rw,g=r,o=r
+ loop: "{{ apps_proxied }}"
+ loop_control:
+ loop_var: app
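Review bot: In `roles/apps/defaults/main.yml`, `apps_proxied` picks every included app whose vars define `domain`, and the `postfix` entry shown in the first hunk of the same file has `domain: smtp.{{ apps_base_domain }}`. On hosts that include postfix (both app01 host_vars in this patch) the nginx task will therefore look for `nginx/conf.d/postfix.conf.j2`, which this commit does not add, so the template task would fail on a missing source. Inferring "proxied" from `domain` also means any future app with a mail or other non-HTTP domain is silently put behind the HTTP proxy once a template exists. An explicit opt-in is safer, for example a `proxied: true` key per app and `selectattr('value.proxied', 'defined') | selectattr('value.proxied')` in place of `selectattr('value.domain', 'defined')`.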
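Review bot: In `roles/apps/tasks/extra_tasks/nginx.yml`, the `Copy nginx config` task has no `notify:`, so nothing visible here makes a running nginx re-read `conf.d`; a changed vhost file, including a later fix to headers or redirects, would stay inactive until the container is restarted some other way. The rest of the role is outside this patch, so this may already be handled; if not, add `notify: <handler that reloads the nginx container>` to the task. Two smaller points: `ansible.builtin.file` is given `name:` where `path:` is the primary spelling, and `loop_var: app` would shadow an outer loop variable if this file is itself included from a per-app loop using the same name.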
diff --git a/roles/apps/templates/compose-files/ipfs.yml.j2 b/roles/apps/templates/compose-files/ipfs.yml.j2
index f5be190..547bc9f 100644
--- a/roles/apps/templates/compose-files/ipfs.yml.j2
+++ b/roles/apps/templates/compose-files/ipfs.yml.j2
@@ -23,4 +23,4 @@ services:
 networks:
 {{ apps_shared_docker_network }}:
- external: true
\ No newline at end of file
+ external: true
diff --git a/roles/apps/templates/compose-files/monerod.yml.j2 b/roles/apps/templates/compose-files/monerod.yml.j2
index 55d7afc..2427187 100644
--- a/roles/apps/templates/compose-files/monerod.yml.j2
+++ b/roles/apps/templates/compose-files/monerod.yml.j2
@@ -16,4 +16,4 @@ services:
 networks:
 {{ apps_shared_docker_network }}:
- external: true
\ No newline at end of file
+ external: true
diff --git a/roles/apps/templates/compose-files/nginx.yml.j2 b/roles/apps/templates/compose-files/nginx.yml.j2
new file mode 100644
index 0000000..1c93c70
--- /dev/null
+++ b/roles/apps/templates/compose-files/nginx.yml.j2
@@ -0,0 +1,17 @@
+# code: language=ansible-jinja
+version: "3.8"
+
+services:
+ web:
+ image: nginx:{{ apps_vars.nginx.version }}
+ restart: always
+ networks:
+ - {{ apps_shared_docker_network }}
+ ports:
+ - 8080:8080/tcp
+ volumes:
+ - "./data/conf.d:/etc/nginx/conf.d:ro"
+
+networks:
+ {{ apps_shared_docker_network }}:
+ external: true
diff --git a/roles/apps/templates/compose-files/postfix.yml.j2 b/roles/apps/templates/compose-files/postfix.yml.j2
index 750b8b3..c056c01 100644
--- a/roles/apps/templates/compose-files/postfix.yml.j2
+++ b/roles/apps/templates/compose-files/postfix.yml.j2
@@ -16,4 +16,4 @@ services:
 networks:
 {{ apps_postfix_docker_network }}:
- external: true
\ No newline at end of file
+ external: true
diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
new file mode 100644
index 0000000..7e8c459
--- /dev/null
+++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
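Review bot: In `compose-files/nginx.yml.j2`, the `ports` entry `- 8080:8080/tcp` publishes the proxy on every host interface, and Docker-published ports are typically wired in ahead of the host firewall's own rules, so the plain-HTTP listener becomes reachable from any network the host is attached to. If TLS is terminated by something in front of these hosts (not visible in this patch), bind to the internal address instead, e.g. `- "{{ private_ip }}:8080:8080/tcp"`, using the `private_ip` host var that appears in the host_vars hunks. The image is pinned by tag only (`nginx:{{ apps_vars.nginx.version }}`); pinning by digest as well would make the deployed image reproducible and guard against a re-pushed tag.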
@@ -0,0 +1,19 @@
+# code: language=ansible-jinja
+server {
+ listen 8080;
+ server_name {{ apps_vars.nextcloud.domain }}
+
+ location / {
+ proxy_pass http://nextcloud:80;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+}
diff --git a/roles/common/tasks/base.yml b/roles/common/tasks/base.yml
index e700b92..8b4e6f0 100644
--- a/roles/common/tasks/base.yml
+++ b/roles/common/tasks/base.yml
@@ -27,7 +27,7 @@ force: true
 state: link
- - name: Comment out DNSStubListener
+ - name: Set DNSStubListener=no
 ansible.builtin.lineinfile:
 path: /etc/systemd/resolved.conf
 regexp: '^#?DNSStubListener='
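Review bot: In `nginx/conf.d/nextcloud.conf.j2`, the `server_name {{ apps_vars.nextcloud.domain }}` line has no terminating `;`, so nginx would read the following `location / {` as further arguments and refuse to load the file; it should be `server_name {{ apps_vars.nextcloud.domain }};`. The `location /` block also sets no `Host` header, so the backend receives `nextcloud` rather than the public name; `proxy_set_header Host $host;` is the usual addition, and Nextcloud's trusted-domain check and generated URLs depend on it. On this plain `listen 8080;` listener `X-Forwarded-Proto $scheme` is always `http` (and the two `301` redirects are built from the same `$scheme`), while `$proxy_add_x_forwarded_for` passes along whatever the client sent. If TLS is terminated in front of this proxy, the scheme should come from that hop, and the backend should trust these headers only from this proxy's address.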