From 8d029827e9e97ddf4a694d570799d2603ee3005e Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Sun, 20 Sep 2020 20:33:03 -0400
Subject: [PATCH] Add nginx role for static websites
---
 dev/host_vars/nginx.yml | 21 ++++++++++++++++++++
 dev/nginx.yml | 10 ++++++++++
 dockerbox.yml | 1 +
 roles/.gitignore | 1 +
 roles/nginx/defaults/main.yml | 6 ++++++
 roles/nginx/tasks/main.yml | 37 +++++++++++++++++++++++++++++++++++
 update-hosts.sh | 1 +
 7 files changed, 77 insertions(+)
 create mode 100644 dev/host_vars/nginx.yml
 create mode 100644 dev/nginx.yml
 create mode 100644 roles/nginx/defaults/main.yml
 create mode 100644 roles/nginx/tasks/main.yml
diff --git a/dev/host_vars/nginx.yml b/dev/host_vars/nginx.yml
new file mode 100644
index 0000000..79f1ad7
--- /dev/null
+++ b/dev/host_vars/nginx.yml
@@ -0,0 +1,21 @@
+# base
+allow_reboot: false
+manage_network: false
+
+# docker
+docker_user: vagrant
+
+# traefik
+traefik_version: latest
+traefik_dashboard: true
+traefik_domain: traefik.vm.krislamo.org
+traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
+#traefik_acme_email: realemail@example.com # Let's Encrypt settings
+#traefik_production: true
+
+# nginx
+nginx_domain: nginx.vm.krislamo.org
+nginx_name: staticsite
+nginx_repo_url: https://git.krislamo.org/kris/example-website/
+nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
+nginx_version: latest
diff --git a/dev/nginx.yml b/dev/nginx.yml
new file mode 100644
index 0000000..a43d624
--- /dev/null
+++ b/dev/nginx.yml
@@ -0,0 +1,10 @@
+- name: Install nginx server (docker)
+ hosts: all
+ become: true
+ vars_files:
+ - host_vars/nginx.yml
+ roles:
+ - base
+ - docker
+ - traefik
+ - nginx
diff --git a/dockerbox.yml b/dockerbox.yml
index b8fae16..dffbca5 100644
--- a/dockerbox.yml
+++ b/dockerbox.yml
@@ -23,3 +23,4 @@
 - gitea
 - jenkins
 - prometheus
+ - nginx
diff --git a/roles/.gitignore b/roles/.gitignore
index 12256f2..9b23231 100644
--- a/roles/.gitignore
+++ b/roles/.gitignore
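Review bot: `traefik_version: latest` and `nginx_version: latest` in dev/host_vars/nginx.yml leave both images unpinned, so the code that ends up serving behind the basic-auth middleware depends on whatever `latest` resolves to, or is already cached, on the host at deploy time. The role consumes the value as `image: nginx:{{ nginx_version }}` in roles/nginx/tasks/main.yml, and roles/nginx/defaults/main.yml supplies no default, so every inventory repeats this choice. I would set an explicit tag here, `nginx_version: "<pinned-tag>"`, quoted so that a tag shaped like 1.20 is not read as a float, and do the same for `traefik_version`.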
@@ -8,6 +8,7 @@
 !jenkins*/
 !libvirt*/
 !nextcloud*/
+!nginx*/
 !prometheus*/
 !traefik*/
 !wordpress*/
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..4899b14
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,6 @@
+nginx_name: "{{ nginx_domain }}"
+nginx_repo_branch: master
+nginx_repo_dest: "{{ nginx_root }}/repository"
+nginx_repo_key: "{{ nginx_root }}/id_rsa"
+nginx_root: /opt/nginx/{{ nginx_name }}
+nginx_html: "{{ nginx_root }}/html"
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..2afcf1c
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: Create nginx root
+ file:
+ path: "{{ nginx_root }}"
+ state: directory
+
+- name: Generate deploy keys
+ openssh_keypair:
+ path: "{{ nginx_repo_key }}"
+ state: present
+
+- name: Clone static website files
+ git:
+ repo: "{{ nginx_repo_url }}"
+ dest: "{{ nginx_html }}"
+ version: "{{ nginx_repo_branch }}"
+ key_file: "{{ nginx_repo_key }}"
+ separate_git_dir: "{{ nginx_repo_dest }}"
+
+- name: Start nginx container
+ docker_container:
+ name: "{{ nginx_name }}"
+ image: nginx:{{ nginx_version }}
+ state: started
+ restart_policy: always
+ networks_cli_compatible: true
+ networks:
+ - name: traefik
+ volumes:
+ - "{{ nginx_html }}:/usr/share/nginx/html:ro"
+ labels:
+ traefik.http.routers.nginx.rule: "Host(`{{ nginx_domain }}`)"
+ traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
+ traefik.http.routers.nginx.entrypoints: websecure
+ traefik.http.routers.nginx.tls.certresolver: letsencrypt
+ traefik.http.routers.nginx.middlewares: "securehttps@file,nginxauth"
+ traefik.docker.network: traefik
+ traefik.enable: "true"
diff --git a/update-hosts.sh b/update-hosts.sh
index 5adf9a6..f62f080 100755
--- a/update-hosts.sh
+++ b/update-hosts.sh
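Review bot: roles/nginx/defaults/main.yml does not say that the role also needs `nginx_domain`, `nginx_repo_url`, `nginx_auth` and `nginx_version`, all of which roles/nginx/tasks/main.yml dereferences and none of which gets a default here. The same commit adds the role to dockerbox.yml, so a host that lacks them should stop with an undefined-variable error on the first task. A header comment such as `# Required, no default: nginx_domain, nginx_repo_url, nginx_auth, nginx_version` would make the contract visible. It is worth stating there that `nginx_auth` is left without a default on purpose, so the basic-auth middleware can never fall back to a known credential.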
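Review bot: The `Clone static website files` task passes `key_file`, but nothing in roles/nginx/tasks/main.yml establishes trust in the Git server's SSH host key. With an SSH `nginx_repo_url` the first clone is therefore likely to be refused for an unknown host key, and the quick workaround, `accept_hostkey: true`, trusts whichever key is presented first. I would instead add a `known_hosts` task ahead of the clone, fed by two new role variables (the names `nginx_repo_host` and `nginx_repo_hostkey` below are my proposal, not part of this patch) and skipped when they are unset so HTTPS repositories keep working. The dev inventory uses an HTTPS URL, so dev/nginx.yml does not exercise this path.

```yaml
- name: Pin the Git server host key
  known_hosts:
    name: "{{ nginx_repo_host }}"
    key: "{{ nginx_repo_hostkey }}"
    state: present
  when: nginx_repo_hostkey is defined

# … unchanged: Clone static website files …
```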
@@ -8,6 +8,7 @@ HOST[2]="git.${DOMAIN}" HOST[3]="jenkins.${DOMAIN}" HOST[4]="prom.${DOMAIN}" HOST[5]="grafana.${DOMAIN}" +HOST[6]="nginx.${DOMAIN}" # Get Vagrantbox guest IP VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)