aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-01-20 10:21:10 -0800
committerclarkzjw <[email protected]>2023-01-20 10:21:10 -0800
commitf1aebe3adc2b68f240d9118ae95e9ff93671ab66 (patch)
treeb4ea255d648c37bf5f797c4a126224caa51209ac
parent1fce024be20034ad4eef7646594eef0fbcc1b64e (diff)
downloadhomelab-f1aebe3adc2b68f240d9118ae95e9ff93671ab66.tar.gz
bia: add nginx
-rw-r--r--clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml0
-rw-r--r--clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml41
-rw-r--r--clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j236
-rw-r--r--clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j217
4 files changed, 94 insertions, 0 deletions
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
new file mode 100644
index 0000000..872a43a
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -0,0 +1,41 @@
1- name: Install cgit, Nginx
2 pkgng:
3 state: present
4 name:
5 - cgit
6 - nginx
7 - fcgiwrap
8 - security/py-certbot-nginx
9
10- name: Create git directory
11 file:
12 path: /opt/git
13 state: directory
14 owner: www
15 group: www
16 recurse: yes
17
18- name: Create Nginx conf directory
19 file:
20 path: /usr/local/etc/nginx/conf.d
21 state: directory
22 recurse: yes
23
24- name: Render nginx config file
25 template:
26 src: nginx.conf.j2
27 dest: "/usr/local/etc/nginx/nginx.conf"
28 mode: 0644
29
30- name: Render nginx config file
31 template:
32 src: cgit.conf.j2
33 dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
34 mode: 0644
35
36# TODO
37# create certbot https certificate
38# test nginx conf
39# reload nginx conf
40# create git user
41# git user permission
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
new file mode 100644
index 0000000..625075d
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
1server {
2 server_name {{ lookup('env', 'CGIT_DOMAIN') }};
3 root /usr/local/www/cgit;
4 try_files $uri @cgit;
5
6 location @cgit {
7 include fastcgi_params;
8 fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
9 fastcgi_param PATH_INFO $uri;
10 fastcgi_param QUERY_STRING $args;
11 fastcgi_param HTTP_HOST $server_name;
12 fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
13 }
14
15 error_page 500 502 503 504 /50x.html;
16 location = /50x.html {
17 root /usr/local/www/nginx-dist;
18 }
19
20 listen 443 ssl; # managed by Certbot
21 ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
22 ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
23 include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
24 ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
25}
26
27
28server {
29 if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
30 return 301 https://$host$request_uri;
31 } # managed by Certbot
32
33 listen 80;
34 server_name {{ lookup('env', 'CGIT_DOMAIN') }};
35 return 404; # managed by Certbot
36}
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
new file mode 100644
index 0000000..1380132
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
@@ -0,0 +1,17 @@
1worker_processes auto;
2
3events {
4 worker_connections 1024;
5}
6
7http {
8 include mime.types;
9 default_type application/octet-stream;
10
11 sendfile on;
12 keepalive_timeout 65;
13 gzip on;
14
15
16 include /usr/local/etc/nginx/conf.d/*.conf;
17}
Powered by cgit v1.2.3 (git 2.41.0)