author | clarkzjw <[email protected]> | 2023-01-20 10:21:10 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2023-01-20 10:21:10 -0800 |
commit | f1aebe3adc2b68f240d9118ae95e9ff93671ab66 (patch) | |
tree | b4ea255d648c37bf5f797c4a126224caa51209ac | |
parent | 1fce024be20034ad4eef7646594eef0fbcc1b64e (diff) | |
download | homelab-f1aebe3adc2b68f240d9118ae95e9ff93671ab66.tar.gz |
bia: add nginx
4 files changed, 94 insertions, 0 deletions
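diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml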
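diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
new file mode 100644
index 0000000..872a43a
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -0,0 +1,41 @@
+- name: Install cgit, Nginx
+pkgng:
+state: present
+name:
+- cgit
+- nginx
+- fcgiwrap
+- security/py-certbot-nginx
+
+- name: Create git directory
+file:
+path: /opt/git
+state: directory
+owner: www
+group: www
+recurse: yes
+
+- name: Create Nginx conf directory
+file:
+path: /usr/local/etc/nginx/conf.d
+state: directory
+recurse: yes
+
+- name: Render nginx config file
+template:
+src: nginx.conf.j2
+dest: "/usr/local/etc/nginx/nginx.conf"
+mode: 0644
+
+- name: Render nginx config file
+template:
+src: cgit.conf.j2
+dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
+mode: 0644
+
+# TODO
+# create certbot https certificate
+# test nginx conf
+# reload nginx conf
+# create git user
+# git user permission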
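Review bot: The `Create git directory` task assigns `/opt/git` to `www` with `recurse: yes`, so the account associated with the web front end owns, and can rewrite, every repository below that path. cgit only needs to read repositories; if fcgiwrap ends up running cgit.cgi as `www` (not visible in this commit), a flaw anywhere in the CGI path becomes write access to the repository data. Once the git user from the TODO list exists, consider `owner: git`, `group: www`, `mode: "0750"` on this task, and drop `recurse: yes` so that re-running the play does not reset ownership of repositories that have been pushed since.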
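diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
new file mode 100644
index 0000000..625075d
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
+server {
+server_name {{ lookup('env', 'CGIT_DOMAIN') }};
+root /usr/local/www/cgit;
+try_files $uri @cgit;
+
+location @cgit {
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
+fastcgi_param PATH_INFO $uri;
+fastcgi_param QUERY_STRING $args;
+fastcgi_param HTTP_HOST $server_name;
+fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+}
+
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/local/www/nginx-dist;
+}
+
+listen 443 ssl; # managed by Certbot
+ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
+ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
+include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+
+server {
+if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
+return 301 https://$host$request_uri;
+} # managed by Certbot
+
+listen 80;
+server_name {{ lookup('env', 'CGIT_DOMAIN') }};
+return 404; # managed by Certbot
+}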
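Review bot: Every `lookup('env', 'CGIT_DOMAIN')` in this template (template lines 2, 21, 22, 29 and 34) renders as an empty string when the variable is not set on the control node, so the play succeeds while writing `server_name ;` and a certificate path of `live//fullchain.pem`. The value is also copied into the nginx configuration unescaped, so its shape should be checked before rendering. The empty `defaults/main.yaml` added in this commit could hold `cgit_domain: "{{ lookup('env', 'CGIT_DOMAIN') }}"`, with an `assert` task ahead of the template tasks requiring `cgit_domain is match('^[A-Za-z0-9.-]+$')`, and the template would then use `{{ cgit_domain }}` throughout.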
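diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
new file mode 100644
index 0000000..1380132
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
@@ -0,0 +1,17 @@
+worker_processes auto;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include mime.types;
+default_type application/octet-stream;
+
+sendfile on;
+keepalive_timeout 65;
+gzip on;
+
+
+include /usr/local/etc/nginx/conf.d/*.conf;
+}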
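Review bot: The `http` block leaves `server_tokens` at its default, so the nginx version is sent in the `Server` header and on the built-in error pages of this public host; adding `server_tokens off;` next to `keepalive_timeout 65;` removes that. No `user` directive is set either, so the workers run as whatever account the package was built to use. Stating the intended account explicitly here would make the privilege boundary reviewable alongside the ownership set in the tasks file.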