From f1aebe3adc2b68f240d9118ae95e9ff93671ab66 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 20 Jan 2023 10:21:10 -0800
Subject: bia: add nginx

---
 .../bia/ansible/roles/cgit/templates/cgit.conf.j2  | 36 ++++++++++++++++++++++
 .../bia/ansible/roles/cgit/templates/nginx.conf.j2 | 17 ++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
 create mode 100644 clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2

(limited to 'clarkzjw.cc/config/bia/ansible/roles/cgit/templates')

diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
new file mode 100644
index 0000000..625075d
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -0,0 +1,36 @@
+server {
+    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
+    root /usr/local/www/cgit;
+    try_files $uri @cgit;
+
+    location @cgit {
+          include fastcgi_params;
+          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
+          fastcgi_param PATH_INFO $uri;
+          fastcgi_param QUERY_STRING $args;
+          fastcgi_param HTTP_HOST $server_name;
+          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/local/www/nginx-dist;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+
+server {
+    if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen       80;
+    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
+    return 404; # managed by Certbot
+}
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
new file mode 100644
index 0000000..1380132
--- /dev/null
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2
@@ -0,0 +1,17 @@
+worker_processes auto;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile           on;
+    keepalive_timeout  65;
+    gzip               on;
+
+
+    include /usr/local/etc/nginx/conf.d/*.conf;
+}
-- 
cgit v1.2.3