bia: add nginx

author: clarkzjw <[email protected]> 2023-01-20 10:21:10 -0800
committer: clarkzjw <[email protected]> 2023-01-20 10:21:10 -0800
commit: f1aebe3adc2b68f240d9118ae95e9ff93671ab66 (patch)
tree: b4ea255d648c37bf5f797c4a126224caa51209ac
parent: 1fce024be20034ad4eef7646594eef0fbcc1b64e (diff)
download: homelab-f1aebe3adc2b68f240d9118ae95e9ff93671ab66.tar.gz
4 files changed, 94 insertions, 0 deletions
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
new file mode 100644
index 0000000..872a43a
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -0,0 +1,41 @@
+- name: Install cgit, Nginx
+  pkgng:
+    state: present
+    name:
+      - cgit
+      - nginx
+      - fcgiwrap
+      - security/py-certbot-nginx
+- name: Create git directory
+  file:
+    path: /opt/git
+    state: directory
+    owner: www
+    group: www
+    recurse: yes
+- name: Create Nginx conf directory
+  file:
+    path: /usr/local/etc/nginx/conf.d
+    state: directory
+    recurse: yes
+- name: Render nginx config file
+  template:
+    src: nginx.conf.j2
+    dest: "/usr/local/etc/nginx/nginx.conf"
+    mode: 0644
+- name: Render nginx config file
+  template:
+    src: cgit.conf.j2
+    dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
+    mode: 0644
+# TODO
+# create certbot https certificate
+# test nginx conf
+# reload nginx conf
+# create git user
+# git user permission
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
new file mode 100644
index 0000000..625075d
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
+server {
+    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
+    root /usr/local/www/cgit;
+    try_files $uri @cgit;
+    location @cgit {
+          include fastcgi_params;
+          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
+          fastcgi_param PATH_INFO $uri;
+          fastcgi_param QUERY_STRING $args;
+          fastcgi_param HTTP_HOST $server_name;
+          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+    }
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/local/www/nginx-dist;
+    }
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+    listen       80;
+    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
+    return 404; # managed by Certbot
+}
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
new file mode 100644
index 0000000..1380132
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
@@ -0,0 +1,17 @@
+worker_processes auto;
+events {
+    worker_connections  1024;
+}
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile           on;
+    keepalive_timeout  65;
+    gzip               on;
+    include /usr/local/etc/nginx/conf.d/*.conf;
+}
author	clarkzjw <[email protected]>	2023-01-20 10:21:10 -0800
committer	clarkzjw <[email protected]>	2023-01-20 10:21:10 -0800
commit	f1aebe3adc2b68f240d9118ae95e9ff93671ab66 (patch)
tree	b4ea255d648c37bf5f797c4a126224caa51209ac
parent	1fce024be20034ad4eef7646594eef0fbcc1b64e (diff)
download	homelab-f1aebe3adc2b68f240d9118ae95e9ff93671ab66.tar.gz

diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml


diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml new file mode 100644 index 0000000..872a43a --- /dev/null +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -0,0 +1,41 @@
	1	- name: Install cgit, Nginx
	2	pkgng:
	3	state: present
	4	name:
	5	- cgit
	6	- nginx
	7	- fcgiwrap
	8	- security/py-certbot-nginx
	9
	10	- name: Create git directory
	11	file:
	12	path: /opt/git
	13	state: directory
	14	owner: www
	15	group: www
	16	recurse: yes
	17
	18	- name: Create Nginx conf directory
	19	file:
	20	path: /usr/local/etc/nginx/conf.d
	21	state: directory
	22	recurse: yes
	23
	24	- name: Render nginx config file
	25	template:
	26	src: nginx.conf.j2
	27	dest: "/usr/local/etc/nginx/nginx.conf"
	28	mode: 0644
	29
	30	- name: Render nginx config file
	31	template:
	32	src: cgit.conf.j2
	33	dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
	34	mode: 0644
	35
	36	# TODO
	37	# create certbot https certificate
	38	# test nginx conf
	39	# reload nginx conf
	40	# create git user
	41	# git user permission


diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 new file mode 100644 index 0000000..625075d --- /dev/null +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
	1	server {
	2	server_name {{ lookup('env', 'CGIT_DOMAIN') }};
	3	root /usr/local/www/cgit;
	4	try_files $uri @cgit;
	5
	6	location @cgit {
	7	include fastcgi_params;
	8	fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
	9	fastcgi_param PATH_INFO $uri;
	10	fastcgi_param QUERY_STRING $args;
	11	fastcgi_param HTTP_HOST $server_name;
	12	fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
	13	}
	14
	15	error_page 500 502 503 504 /50x.html;
	16	location = /50x.html {
	17	root /usr/local/www/nginx-dist;
	18	}
	19
	20	listen 443 ssl; # managed by Certbot
	21	ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
	22	ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
	23	include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	24	ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	25	}
	26
	27
	28	server {
	29	if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
	30	return 301 https://$host$request_uri;
	31	} # managed by Certbot
	32
	33	listen 80;
	34	server_name {{ lookup('env', 'CGIT_DOMAIN') }};
	35	return 404; # managed by Certbot
	36	}


diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 new file mode 100644 index 0000000..1380132 --- /dev/null +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
@@ -0,0 +1,17 @@
	1	worker_processes auto;
	2
	3	events {
	4	worker_connections 1024;
	5	}
	6
	7	http {
	8	include mime.types;
	9	default_type application/octet-stream;
	10
	11	sendfile on;
	12	keepalive_timeout 65;
	13	gzip on;
	14
	15
	16	include /usr/local/etc/nginx/conf.d/*.conf;
	17	}