From 53ace38e79fe33b18440e9757299cce514fb43b0 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Mon, 12 Feb 2024 17:38:17 +0100
Subject: [PATCH] Include initial http conf
---
 defaults/main.yml | 2 ++
 handlers/main.yml | 5 +++++
 tasks/main.yml | 36 ++++++++++++++++++++++++++++++++----
 templates/http.conf.j2 | 25 +++++++++++++++++++++++++
 4 files changed, 64 insertions(+), 4 deletions(-)
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 templates/http.conf.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..0862586
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+version: latest
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..0758066
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+ docker_container_exec:
+ container: hubdmz
+ command: nginx -s reload
diff --git a/tasks/main.yml b/tasks/main.yml
index 42b1eb5..c5454bf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,13 +3,41 @@
 ansible.builtin.file:
 path: "/var/lib/hubdmz/conf.d/"
 state: directory
-- name: ensure http.d directory exists
- ansible.builtin.file:
- path: "/var/lib/hubdmz/http.d/"
- state: directory
 - name: configure nginx with stream module
 template:
 src: nginx.conf.j2
 dest: "/var/lib/hubdmz/conf.d/stream.conf"
 mode: 0644
+ notify: reload nginx
+
+- name: ensure http.d directory exists
+ ansible.builtin.file:
+ path: "/var/lib/hubdmz/http.d/"
+ state: directory
+
+- name: configure nginx with a default host
+ template:
+ src: http.conf.j2
+ dest: "/var/lib/hubdmz/http.d/00-default.conf"
+ mode: 0644
+ notify: reload nginx
+
+- name: launch hubdmz container
+ docker_container:
+ name: "hubdmz"
+ image: "registry.nemunai.re/hubdmz:{{ version }}"
+ pull: true
+ volumes:
+ - "/var/lib/hubdmz/conf.d/:/etc/nginx/conf.d/"
+ - "/var/lib/hubdmz/http.d/:/etc/nginx/http.d/"
+ state: "started"
+ memory: 512M
+ published_ports:
+ - "80:80"
+ - "443:443"
+ log_driver: syslog
+ log_options:
+ syslog-address: unixgram:///dev/log
+ syslog-facility: daemon
+ tag: "hubdmz"
diff --git a/templates/http.conf.j2 b/templates/http.conf.j2
new file mode 100644
index 0000000..1dbbb65
--- /dev/null
+++ b/templates/http.conf.j2
@@ -0,0 +1,25 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name ouaset.masr.nemunai.re _;
+
+ location / {
+ rewrite ^ https://$server_name$request_uri permanent;
+ }
+
+ location /server_status {
+ stub_status on;
+ allow 127.0.0.1;
+ allow ::1;
+ allow 192.168.0.0/16;
+ allow 82.64.151.41;
+ allow 82.64.31.248;
+ allow 2a01:e0a:2b:2250::/64;
+ allow 2a01:e0a:518:830::/64;
+ allow fe80::/64;
+ deny all;
+ }
+}
\ No newline at end of file
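Review bot: The two bind mounts in the `launch hubdmz container` task of tasks/main.yml are read-write, so a process inside the container can rewrite the nginx configuration that this role manages on the host. Nothing visible in the patch needs write access, so `- "/var/lib/hubdmz/conf.d/:/etc/nginx/conf.d/:ro"` and `- "/var/lib/hubdmz/http.d/:/etc/nginx/http.d/:ro"` would be the least-privilege form. The image is also unpinned: `version` defaults to `latest` in defaults/main.yml and `pull: true` is set, so each run can start whatever the registry currently serves under that tag; defaulting to a release tag or digest makes deployments reproducible and auditable. The first task touched by this hunk begins above the hunk.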
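Review bot: The `/server_status` allow list in templates/http.conf.j2 matches on the address nginx sees, and nginx here runs in a container behind Docker-published ports, so broad entries such as `allow 192.168.0.0/16;` and `allow fe80::/64;` may admit more than intended if forwarded connections arrive with a bridge or link-local source address. The container's network mode is not visible in this patch, so this needs confirming on the host. The fixed public addresses are hard-coded in the role template; a list variable in defaults/main.yml rendered as `{% for src in status_allow %}allow {{ src }};{% endfor %}` (variable name illustrative) would keep them reviewable per deployment. The endpoint is also served by the `default_server` over plain HTTP, so it answers for any Host header from an allowed source.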