roles/syncrepo: Add nginx config

71191572 · Jan Alexander Steffens (heftig) · 8674a9c9 · 71191572 · 71191572 · 71191572
Verified Commit 71191572 authored 8 years ago by Jan Alexander Steffens (heftig)
--- a/playbooks/soyuz.yml
+++ b/playbooks/soyuz.yml
@@ -14,7 +14,7 @@
    - { role: sudo, tags: ['sudo', 'archusers'] }
    - { role: postgres, tags: ['postgres'] }
    - { role: quassel, quassel_domain: "quassel.archlinux.org", tags: ['quassel'] }
-    - { role: syncrepo, tags: ['syncrepo'] }
+    - { role: syncrepo, mirror_domain: "mirror.pkgbuild.com", tags: ['syncrepo', 'nginx'] }
    - { role: sogrep, tags: ['sogrep'] }
    - { role: archbuild, tags: ['archbuild'] }
    - { role: public_html, public_domain: "pkgbuild.com", tags: ['nginx'] }
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
 ---

+- stat: path="/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem"
+  register: certfile
+  when: 'mirror_domain != ""'
+
 - name: install rsync
  pacman: name=rsync state=present

@@ -23,3 +27,9 @@
    line: 'Server = file:///srv/ftp/$repo/os/$arch'
    insertbefore: BOF
    create: true
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo.conf owner=root group=root mode=0644
+  notify:
+    - restart nginx
+  when: 'mirror_domain != ""'
--- a/roles/syncrepo/templates/nginx.d.conf.j2
+++ b/roles/syncrepo/templates/nginx.d.conf.j2
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ mirror_domain }};
+    root         /srv/ftp;
+
+    include snippets/letsencrypt.conf;
+
+    autoindex on;
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ mirror_domain }};
+    root         /srv/ftp;
+
+{% if certfile.stat.exists %}
+    ssl_certificate      /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
+{% endif %}
+
+    autoindex on;
+}