From b5f1f01f5676ddc91c58689a32add345ca01e37f Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Mon, 12 Feb 2024 17:27:14 +0100
Subject: [PATCH] Initial commit
---
meta/main.yml | 18 ++++++++++++++++++
tasks/main.yml | 15 +++++++++++++++
templates/nginx.conf.j2 | 30 ++++++++++++++++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/nginx.conf.j2
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..4a5f064
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,18 @@
+---
+
+dependencies: []
+
+galaxy_info:
+ role_name: hubdmz
+ author: 'Pierre-Olivier Mercier '
+ description: Initial configuration for hubdmz
+ license: GPL-3.0-or-later
+ min_ansible_version: 2.9
+ platforms:
+ - name: Alpine
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ galaxy_tags: []
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..42b1eb5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: ensure conf.d directory exists
+ ansible.builtin.file:
+ path: "/var/lib/hubdmz/conf.d/"
+ state: directory
+- name: ensure http.d directory exists
+ ansible.builtin.file:
+ path: "/var/lib/hubdmz/http.d/"
+ state: directory
+
+- name: configure nginx with stream module
+ template:
+ src: nginx.conf.j2
+ dest: "/var/lib/hubdmz/conf.d/stream.conf"
+ mode: 0644
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..63f8103
--- /dev/null
+++ b/templates/nginx.conf.j2
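Review bot: In tasks/main.yml neither `ansible.builtin.file` task sets `mode`, `owner` or `group`, so `/var/lib/hubdmz/conf.d/` and `/var/lib/hubdmz/http.d/` end up with whatever the umask and the connecting user produce; because these directories hold the configuration that decides where TLS connections are routed, pin them explicitly, for example `owner: root`, `group: root`, `mode: "0755"` (adjusted to whichever account is meant to manage them). The template task would benefit from the same `owner`/`group`, and from writing the mode as the quoted string `mode: "0644"` so it does not depend on the YAML parser's octal handling. `template:` could be spelled `ansible.builtin.template:` to match the two tasks above it. Nothing in the visible tasks reloads nginx after `stream.conf` changes, so if no handler exists elsewhere in the role a `notify:` pointing at a reload handler is worth adding.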
@@ -0,0 +1,30 @@
+stream {
+ log_format main
+ '$ssl_preread_server_name > $remote_addr [$time_local] ';
+
+ {% if nginx_stream_access_log is defined %}
+ access_log {{ nginx_stream_access_log }} main;
+ {% endif %}
+
+ map_hash_bucket_size 48;
+
+ map $ssl_preread_server_name $targetSslBackend {
+
+ default {{ nginx_stream_default_endpoint }};
+ }
+
+ server {
+ listen 443;
+
+ proxy_connect_timeout 1s;
+ {% if nginx_resolvers is defined %}
+ resolver {% for r in nginx_resolvers %}{% if ":" in r %}[{{ r }}]{% else %}{{ r }}{% endif %} {% endfor %};
+ {% endif %}
+
+ proxy_pass $targetSslBackend;
+ {% if no_proxy_protocol is not defined %}
+ proxy_protocol on;
+ {% endif %}
+ ssl_preread on;
+ }
+}
\ No newline at end of file
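Review bot: The `{% if no_proxy_protocol is not defined %}` guard around `proxy_protocol on;` tests only for the variable's presence, so an inventory that sets `no_proxy_protocol: false` still drops the directive. That matters because the PROXY header is how the backends learn the real client address; without it their logs and address-based access rules see only this proxy. Testing the value instead keeps the current default and makes the toggle behave as written: `{% if not (no_proxy_protocol | default(false) | bool) %}`. Separately, when `nginx_stream_access_log` is unset the template emits no `access_log` line at all, and the `main` format records the SNI name and client address but not which backend was chosen; adding `$upstream_addr` and `$status` to the format and giving the log path a default would leave a usable connection trail for this DMZ entry point.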