Add nginx role for static websites

2020-09-20 20:33:03 -04:00
parent be6d1437bd
commit 8d029827e9
7 changed files with 77 additions and 0 deletions
--- a/dev/host_vars/nginx.yml
+++ b/dev/host_vars/nginx.yml
@@ -0,0 +1,21 @@
 # base
 allow_reboot: false
 manage_network: false
 # docker
 docker_user: vagrant
 # traefik
 traefik_version: latest
 traefik_dashboard: true
 traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 # nginx
 nginx_domain: nginx.vm.krislamo.org
 nginx_name: staticsite
 nginx_repo_url: https://git.krislamo.org/kris/example-website/
 nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 nginx_version: latest
--- a/dev/nginx.yml
+++ b/dev/nginx.yml
@@ -0,0 +1,10 @@
 - name: Install nginx server (docker)
  hosts: all
  become: true
  vars_files:
    - host_vars/nginx.yml
  roles:
    - base
    - docker
    - traefik
    - nginx
--- a/dockerbox.yml
+++ b/dockerbox.yml
@@ -23,3 +23,4 @@
    - gitea
    - jenkins
    - prometheus
    - nginx
--- a/roles/.gitignore
+++ b/roles/.gitignore
@@ -8,6 +8,7 @@
 !jenkins*/
 !libvirt*/
 !nextcloud*/
 !nginx*/
 !prometheus*/
 !traefik*/
 !wordpress*/
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,6 @@
 nginx_name: "{{ nginx_domain }}"
 nginx_repo_branch: master
 nginx_repo_dest: "{{ nginx_root }}/repository"
 nginx_repo_key: "{{ nginx_root }}/id_rsa"
 nginx_root: /opt/nginx/{{ nginx_name }}
 nginx_html: "{{ nginx_root }}/html"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,37 @@
 - name: Create nginx root
  file:
    path: "{{ nginx_root }}"
    state: directory
 - name: Generate deploy keys
  openssh_keypair:
    path: "{{ nginx_repo_key }}"
    state: present
 - name: Clone static website files
  git:
    repo: "{{ nginx_repo_url }}"
    dest: "{{ nginx_html }}"
    version: "{{ nginx_repo_branch }}"
    key_file: "{{ nginx_repo_key }}"
    separate_git_dir: "{{ nginx_repo_dest }}"
 - name: Start nginx container
  docker_container:
    name: "{{ nginx_name }}"
    image: nginx:{{ nginx_version }}
    state: started
    restart_policy: always
    networks_cli_compatible: true
    networks:
      - name: traefik
    volumes:
      - "{{ nginx_html }}:/usr/share/nginx/html:ro"
    labels:
      traefik.http.routers.nginx.rule: "Host(`{{ nginx_domain }}`)"
      traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
      traefik.http.routers.nginx.entrypoints: websecure
      traefik.http.routers.nginx.tls.certresolver: letsencrypt
      traefik.http.routers.nginx.middlewares: "securehttps@file,nginxauth"
      traefik.docker.network: traefik
      traefik.enable: "true"
--- a/update-hosts.sh
+++ b/update-hosts.sh
@@ -8,6 +8,7 @@ HOST[2]="git.${DOMAIN}"
 HOST[3]="jenkins.${DOMAIN}"
 HOST[4]="prom.${DOMAIN}"
 HOST[5]="grafana.${DOMAIN}"
 HOST[6]="nginx.${DOMAIN}"
 # Get Vagrantbox guest IP
 VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)