From 7a97d73ae0cc99b4b899be32565ff61c27c086ff Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sat, 11 Nov 2023 15:47:51 +0100
Subject: [PATCH] Add nginx config files for the rest
---
 roles/apps/defaults/main.yml | 4 ++--
 roles/apps/tasks/configure_app.yml | 2 +-
 roles/apps/tasks/main.yml | 2 +-
 .../apps/templates/compose-files/ipfs.yml.j2 | 2 +-
 .../templates/compose-files/postfix.yml.j2 | 2 +-
 .../apps/templates/nginx/conf.d/ipfs.conf.j2 | 24 +++++++++++++++++++
 .../templates/nginx/conf.d/monerod.conf.j2 | 12 ++++++++++
 .../templates/nginx/conf.d/nextcloud.conf.j2 | 13 ++++------
 8 files changed, 47 insertions(+), 14 deletions(-)
 create mode 100644 roles/apps/templates/nginx/conf.d/ipfs.conf.j2
 create mode 100644 roles/apps/templates/nginx/conf.d/monerod.conf.j2
diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml
index 23985a3..5f0e625 100644
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@@ -14,7 +14,7 @@ apps_vars:
 version: 1.25.3-alpine-slim
 postfix:
- domain: smtp.{{ apps_base_domain }}
+ hostname: smtp.{{ apps_base_domain }}
 backup: true
 sender: false
 extra_tasks: false
@@ -29,7 +29,7 @@ apps_vars:
 version: v0.23.0
 monerod:
- domain: xmr.{{ apps_base_domain }}
+ domain: xmr.{{ apps_local_domain }}
 backup: false
 sender: false
 extra_tasks: false
diff --git a/roles/apps/tasks/configure_app.yml b/roles/apps/tasks/configure_app.yml
index 8756313..82b531b 100644
--- a/roles/apps/tasks/configure_app.yml
+++ b/roles/apps/tasks/configure_app.yml
@@ -24,4 +24,4 @@
 - name: Run extra configuration tasks for {{ app_name }}
 ansible.builtin.include_tasks: extra_tasks/{{ app_name }}.yml
- when: app_vars.extra_tasks is defined and app_vars.extra_tasks
+ when: app_vars.extra_tasks
diff --git a/roles/apps/tasks/main.yml b/roles/apps/tasks/main.yml
index ff667bf..62e3f78 100644
--- a/roles/apps/tasks/main.yml
+++ b/roles/apps/tasks/main.yml
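Review bot: Dropping `is defined` from the `when:` in roles/apps/tasks/configure_app.yml makes the include depend on every app entry carrying an `extra_tasks` key; an entry without it would fail the conditional on an undefined attribute instead of skipping the include. The defaults visible in this patch all set `extra_tasks`, but entries outside the hunks or user-supplied overrides may not. `when: app_vars.extra_tasks | default(false)` keeps the shorter form and still skips cleanly when the key is absent.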
@@ -20,7 +20,7 @@
 ansible.builtin.file:
 name: "{{ apps_data_root }}"
 owner: root
- mode: u=rwx,go=
+ mode: u=rwx,g=rx,o=rx
 state: directory
 - name: Configure apps
diff --git a/roles/apps/templates/compose-files/ipfs.yml.j2 b/roles/apps/templates/compose-files/ipfs.yml.j2
index 547bc9f..2970cea 100644
--- a/roles/apps/templates/compose-files/ipfs.yml.j2
+++ b/roles/apps/templates/compose-files/ipfs.yml.j2
@@ -6,9 +6,9 @@ services:
 image: ipfs/kubo:{{ apps_vars.ipfs.version }}
 restart: always
 environment:
+ LOCAL_DOMAIN: {{ apps_vars.ipfs.domain }}
 IPFS_DOMAIN: {{ apps_vars.ipfs.gateway_domain }}
 IPFS_PROFILE: server
- LOCAL_DOMAIN: {{ apps_vars.ipfs.domain }}
 networks:
 {{ apps_shared_docker_network }}:
 aliases:
diff --git a/roles/apps/templates/compose-files/postfix.yml.j2 b/roles/apps/templates/compose-files/postfix.yml.j2
index f043f1e..5655536 100644
--- a/roles/apps/templates/compose-files/postfix.yml.j2
+++ b/roles/apps/templates/compose-files/postfix.yml.j2
@@ -7,7 +7,7 @@ services:
 restart: always
 environment:
 ALLOWED_SENDER_DOMAINS: "{{ apps_senders | join(' ') }}"
- HOSTNAME: "{{ apps_vars.postfix.domain }}"
+ HOSTNAME: "{{ apps_vars.postfix.hostname }}"
 DKIM_AUTOGENERATE: "true"
 networks:
 - {{ apps_postfix_docker_network }}
diff --git a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
new file mode 100644
index 0000000..1bbac58
--- /dev/null
+++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
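Review bot: The new `mode: u=rwx,g=rx,o=rx` on `{{ apps_data_root }}` lets every local account list and enter the directory that holds all app data, so confidentiality now rests entirely on the mode of each subdirectory beneath it. If the aim is to let containers running under non-root UIDs reach their own data directory (an assumption; the commit message does not say), traverse-only access is enough: `mode: u=rwx,go=x`. Whichever mode is kept, a comment above the task recording why the root is no longer owner-only would help the next reviewer. The task's opening `- name:` line is outside the hunk.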
@@ -0,0 +1,24 @@
+# code: language=ansible-jinja
+server {
+ listen 8080;
+ server_name {{ apps_vars.ipfs.domain }};
+ resolver 127.0.1.1;
+
+ location / {
+ proxy_pass http://ipfs:5001;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto "https";
+ }
+}
+
+server {
+ listen 8080;
+ server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain }}$;
+ resolver 127.0.1.1;
+
+ location / {
+ proxy_pass http://ipfs:8080;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto "https";
+ }
+}
diff --git a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
new file mode 100644
index 0000000..b25de52
--- /dev/null
+++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
@@ -0,0 +1,12 @@
+# code: language=ansible-jinja
+server {
+ listen 8080;
+ server_name {{ apps_vars.monerod.domain }};
+ resolver 127.0.1.1;
+
+ location / {
+ proxy_pass http://monerod:18089;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto "https";
+ }
+}
diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
index 7e8c459..41b6e71 100644
--- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
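Review bot: The first server block in ipfs.conf.j2 proxies every path to `http://ipfs:5001`, which is Kubo's RPC API port; that API is administrative and, unless configured otherwise, unauthenticated, and the block carries no `allow`/`deny` or `auth_basic`. `server_name` only selects a vhost and is not access control, and if no file in conf.d declares `default_server` for port 8080 and this block turns out to be the first one nginx loads, it would also answer requests whose Host matches nothing. Restricting the location with `allow <TRUSTED_CIDR>;` and `deny all;` (placeholder range) would make the local-only intent explicit; the server block in monerod.conf.j2 has the same shape and deserves the same treatment. Separately, `{{ apps_vars.ipfs.gateway_domain }}` is interpolated into a regex `server_name`, so its dots match any character; `{{ apps_vars.ipfs.gateway_domain | regex_escape }}` would pin it to the literal name.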
@@ -1,19 +1,16 @@
 # code: language=ansible-jinja
 server {
 listen 8080;
- server_name {{ apps_vars.nextcloud.domain }}
+ server_name {{ apps_vars.nextcloud.domain }};
+ resolver 127.0.1.1;
 location / {
 proxy_pass http://nextcloud:80;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto "https";
 }
- location = /.well-known/carddav {
- return 301 $scheme://$host/remote.php/dav;
- }
-
- location = /.well-known/caldav {
- return 301 $scheme://$host/remote.php/dav;
+ location ~^/\.well-known/(cal|card)dav$ {
+ return 301 https://$host/remote.php/dav;
 }
 }
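Review bot: `proxy_set_header X-Forwarded-Proto "https";` and the `https://$host` redirect now assert TLS unconditionally, so Nextcloud is told a request was encrypted even if it reached port 8080 without passing through the TLS terminator. That is only safe when the listener is reachable solely from that terminator, which nothing in this file states; a comment above the `listen` line such as `# TLS terminates upstream; port 8080 must not be published directly` would record the assumption. The same hard-coded header is added in ipfs.conf.j2 and monerod.conf.j2. The added `resolver 127.0.1.1;` also looks unused here, since with a literal upstream name in `proxy_pass` nginx resolves it at startup through the system resolver, and Docker's embedded DNS listens on 127.0.0.11, so the address is worth confirming.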