From f1aebe3adc2b68f240d9118ae95e9ff93671ab66 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 20 Jan 2023 10:21:10 -0800
Subject: bia: add nginx
---
.../bia/ansible/roles/cgit/defaults/main.yaml | 0
.../config/bia/ansible/roles/cgit/tasks/main.yaml | 41 ++++++++++++++++++++++
.../bia/ansible/roles/cgit/templates/cgit.conf.j2 | 36 +++++++++++++++++++
.../bia/ansible/roles/cgit/templates/nginx.conf.j2 | 17 +++++++++
4 files changed, 94 insertions(+)
create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
new file mode 100644
index 0000000..872a43a
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -0,0 +1,41 @@
+- name: Install cgit, Nginx
+ pkgng:
+ state: present
+ name:
+ - cgit
+ - nginx
+ - fcgiwrap
+ - security/py-certbot-nginx
+
+- name: Create git directory
+ file:
+ path: /opt/git
+ state: directory
+ owner: www
+ group: www
+ recurse: yes
+
+- name: Create Nginx conf directory
+ file:
+ path: /usr/local/etc/nginx/conf.d
+ state: directory
+ recurse: yes
+
+- name: Render nginx config file
+ template:
+ src: nginx.conf.j2
+ dest: "/usr/local/etc/nginx/nginx.conf"
+ mode: 0644
+
+- name: Render nginx config file
+ template:
+ src: cgit.conf.j2
+ dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
+ mode: 0644
+
+# TODO
+# create certbot https certificate
+# test nginx conf
+# reload nginx conf
+# create git user
+# git user permission
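Review bot: `/opt/git` ends up owned by `www:www` recursively in the "Create git directory" task of tasks/main.yaml, so the account that presumably runs nginx and fcgiwrap can write to every repository it serves, and each playbook run resets ownership of the whole tree. cgit only reads repositories, so the web account needs read access at most. Once the git user from the TODO list exists, the directory is better owned by that account with www as a read-only group, e.g. `owner: git`, `group: www`, `mode: "0750"`, and without `recurse: yes`. The two template tasks also share the name "Render nginx config file"; renaming the second to `Render cgit vhost config` keeps the run output unambiguous.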
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
new file mode 100644
index 0000000..625075d
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
+server {
+ server_name {{ lookup('env', 'CGIT_DOMAIN') }};
+ root /usr/local/www/cgit;
+ try_files $uri @cgit;
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
+ include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+
+server {
+ if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ listen 80;
+ server_name {{ lookup('env', 'CGIT_DOMAIN') }};
+ return 404; # managed by Certbot
+}
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
new file mode 100644
index 0000000..1380132
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
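Review bot: In cgit.conf.j2 every occurrence of `{{ lookup('env', 'CGIT_DOMAIN') }}` renders as an empty string when the variable is not set on the control node, which produces `server_name ;` and certificate paths under `live//` without any error from Ansible. Defining the value once in the role's defaults/main.yaml (empty in this commit) as `cgit_domain: "{{ lookup('env', 'CGIT_DOMAIN') }}"` and adding an `assert` task with `that: cgit_domain | length > 0` before the template tasks makes the run fail early instead of writing a broken vhost. The 443 server block also references Let's Encrypt files that nothing in this commit creates (certificate issuance is still on the TODO list in tasks/main.yaml), so a config test would presumably fail on a fresh host until certbot has run.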
@@ -0,0 +1,17 @@
+worker_processes auto;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+
+
+ include /usr/local/etc/nginx/conf.d/*.conf;
+}
-- cgit v1.2.3
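Review bot: The `http` block in nginx.conf.j2 replaces the packaged nginx.conf but leaves `server_tokens` at its default, so the exact nginx version is advertised in the `Server` header and on error pages; adding `server_tokens off;` next to `gzip on;` removes that. The template sets neither `access_log` nor `error_log`, so logging depends on the build's compiled-in paths. Stating both explicitly would make it clear where requests to the cgit host are recorded for later review.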