Add initial nginx configuration

host_vars/sapt-labp-app01.yml

@@ -5,6 +5,7 @@ fqdn: sapt-labp-app01.prod.servers.sapti.me
 private_ip: 10.2.16.10
 
 apps_include:
+  - nginx
   - postfix
   - nextcloud
   - restic

host_vars/sapt-labp-app02.yml

@@ -5,6 +5,7 @@ fqdn: sapt-labp-app02.prod.servers.sapti.me
 private_ip: 10.2.16.11
 
 apps_include:
+  - nginx
   - ipfs
   - monerod
   - snowflake

host_vars/sapt-labs-app01.yml

@@ -5,6 +5,7 @@ fqdn: sapt-labs-app01.stage.servers.sapti.me
 private_ip: 10.2.19.10
 
 apps_include:
+  - nginx
   - postfix
   - nextcloud
   - restic

host_vars/sapt-labs-app02.yml

@@ -5,6 +5,7 @@ fqdn: sapt-labs-app02.stage.servers.sapti.me
 private_ip: 10.2.19.11
 
 apps_include:
+  - nginx
   - ipfs
   - monerod
   - snowflake

roles/apps/defaults/main.yml

@@ -8,6 +8,11 @@ apps_shared_docker_network: apps_network
 apps_postfix_docker_network: postfix_network
 
 apps_vars:
+  nginx:
+    backup: false
+    extra_tasks: true
+    version: 1.25.3-alpine-slim
+
   postfix:
     domain: smtp.{{ apps_base_domain }}
     backup: true
@@ -52,6 +57,7 @@ apps_vars:
 
 apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
 apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list }}"
+apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
 
 apps_sender_domains:
   - "{{ apps_vars.nextcloud.domain }}"

roles/apps/tasks/extra_tasks/nginx.yml

@@ -0,0 +1,19 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create subfolder for nginx config files
+  ansible.builtin.file:
+    name: "{{ apps_data_root }}/nginx/data/conf.d"
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+
+- name: Copy nginx config for {{ app }}
+  ansible.builtin.template:
+    src: nginx/conf.d/{{ app }}.conf.j2
+    dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf"
+    owner: root
+    mode: u=rw,g=r,o=r
+  loop: "{{ apps_proxied }}"
+  loop_control:
+    loop_var: app

roles/apps/templates/compose-files/ipfs.yml.j2

@@ -23,4 +23,4 @@ services:
 
 networks:
   {{ apps_shared_docker_network }}:
-    external: true
+    external: true

roles/apps/templates/compose-files/monerod.yml.j2

@@ -16,4 +16,4 @@ services:
 
 networks:
   {{ apps_shared_docker_network }}:
-    external: true
+    external: true

roles/apps/templates/compose-files/nginx.yml.j2

@@ -0,0 +1,17 @@
+# code: language=ansible-jinja
+version: "3.8"
+
+services:
+  web:
+    image: nginx:{{ apps_vars.nginx.version }}
+    restart: always
+    networks:
+      - {{ apps_shared_docker_network }}
+    ports:
+      - 8080:8080/tcp
+    volumes:
+      - "./data/conf.d:/etc/nginx/conf.d:ro"
+
+networks:
+  {{ apps_shared_docker_network }}:
+    external: true

roles/apps/templates/compose-files/postfix.yml.j2

@@ -16,4 +16,4 @@ services:
 
 networks:
   {{ apps_postfix_docker_network }}:
-    external: true
+    external: true

roles/apps/templates/nginx/conf.d/nextcloud.conf.j2

@@ -0,0 +1,19 @@
+# code: language=ansible-jinja
+server {
+    listen 8080;
+    server_name {{ apps_vars.nextcloud.domain }}
+
+    location / {
+        proxy_pass http://nextcloud:80;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location = /.well-known/carddav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+
+    location = /.well-known/caldav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+}

roles/common/tasks/base.yml

@@ -27,7 +27,7 @@
         force: true
         state: link
 
-    - name: Comment out DNSStubListener
+    - name: Set DNSStubListener=no
       ansible.builtin.lineinfile:
         path: /etc/systemd/resolved.conf
         regexp: '^#?DNSStubListener='