# HG changeset patch # User Luke Hoersten # Date 1592281516 18000 # Node ID 3f1771bb0d796f2c6f4e50917c69cea7917338d0 # Parent f43ad090546d5fef844c6a1d0d9535a895bac540 Added stream support to nginx configs. diff -r f43ad090546d -r 3f1771bb0d79 nginx-html-root/meta/main.yaml --- a/nginx-html-root/meta/main.yaml Sun Jun 14 15:22:25 2020 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4 +0,0 @@ ---- - -dependencies: - - role: nginx diff -r f43ad090546d -r 3f1771bb0d79 nginx-html-root/tasks/main.yaml --- a/nginx-html-root/tasks/main.yaml Sun Jun 14 15:22:25 2020 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,22 +0,0 @@ ---- - -- name: install nginx packages - become: yes - apt: name="nginx" - -- name: disable default site - become: yes - file: path="/etc/nginx/sites-enabled/default" state="absent" - notify: restart nginx - -- name: create http directory - become: yes - file: path="{{nginx_html_root}}" state="directory" - -- name: install root files - become: yes - copy: src="{{nginx_html_src}}" dest="{{nginx_html_root}}" - -- name: enable nginx service - become: yes - systemd: name="nginx" enabled="yes" state="started" diff -r f43ad090546d -r 3f1771bb0d79 nginx/defaults/main.yaml --- a/nginx/defaults/main.yaml Sun Jun 14 15:22:25 2020 -0500 +++ b/nginx/defaults/main.yaml Mon Jun 15 23:25:16 2020 -0500 @@ -1,10 +1,7 @@ --- -nginx_port: 80 -nginx_ssl_port: 443 -nginx_ssl_cert: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem" -nginx_ssl_privkey: "/etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem" -nginx_enable_certbot: No -nginx_server_name: "{{ansible_host}}" -nginx_conf_dst: "{{nginx_server_name}}.nginx.conf" -nginx_admin_email: "admin@{{nginx_server_name}}" +nginx_conf_src: "files/{{nginx_server_name}}/nginx.conf.j2" +nginx_root_src: "files/{{nginx_server_name}}/root" +nginx_root_dest: "/var/www/{{nginx_server_name}}" +nginx_server_type: "site" +nginx_root: false diff -r f43ad090546d -r 3f1771bb0d79 nginx/files/nginx.conf 
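Review bot: `nginx_server_name` no longer has a default in `nginx/defaults/main.yaml`, yet three of the new defaults (`nginx_conf_src`, `nginx_root_src`, `nginx_root_dest`) interpolate it. Unless every play or inventory sets it, which this patch does not show, the role will stop on an undefined variable. Either keep `nginx_server_name: "{{ansible_host}}"` or add a comment marking the variable as required. Since the tasks build directory names from `nginx_server_type`, a comment above it such as `# "site" or "stream"; selects /etc/nginx/<type>s-available and <type>s-enabled` would document the only two values that work.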
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nginx/files/nginx.conf Mon Jun 15 23:25:16 2020 -0500
@@ -0,0 +1,91 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ include /etc/nginx/streams-enabled/*;
+}
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff -r f43ad090546d -r 3f1771bb0d79 nginx/tasks/main.yaml
--- a/nginx/tasks/main.yaml Sun Jun 14 15:22:25 2020 -0500
+++ b/nginx/tasks/main.yaml Mon Jun 15 23:25:16 2020 -0500
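Review bot: The new `stream { … }` block sets no `access_log`, and the `access_log`/`error_log` lines above it sit inside `http { … }`, so connections handled by anything under `/etc/nginx/streams-enabled/` leave no access record (the stream module's `access_log` defaults to off). Adding a format and a log inside the stream block would give incident responders a per-connection trail, for example `log_format stream_basic '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';` and `access_log /var/log/nginx/stream-access.log stream_basic;` (the path is an example). The trailing comment `# Dropping SSLv3, ref: POODLE` understates both `ssl_protocols` lines, which now exclude TLS 1.0 and 1.1 as well; `# TLS 1.2 and 1.3 only` would match. `# server_tokens off;` is still commented out, so the version banner stays on unless a site config turns it off.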
@@ -1,39 +1,44 @@ --- -- name: install nginx packages +- name: apt install nginx become: yes apt: name="nginx" -- name: install site - become: yes - template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" - notify: restart nginx - -- name: install nginx packages - become: yes - apt: name="python-certbot-nginx" - notify: restart nginx - when: nginx_enable_certbot - -- name: install certbot in nginx - become: yes - command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" - changed_when: false - when: nginx_enable_certbot - - name: disable default site become: yes file: path="/etc/nginx/sites-enabled/default" state="absent" + +- name: install base config + become: yes + copy: src="nginx.conf" dest="/etc/nginx/nginx.conf" notify: restart nginx -- name: enable site +- name: make stream dirs + become: yes + file: path="/etc/nginx/streams-{{item}}" state="directory" + loop: ["available", "enabled"] + +- name: make config available + become: yes + template: + src: "{{nginx_conf_src}}" + dest: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf" + notify: restart nginx + +- name: enable config become: yes file: - src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" - dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" + src: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf" + dest: "/etc/nginx/{{nginx_server_type}}s-enabled/{{nginx_server_name}}.conf" state: "link" notify: restart nginx +- name: copy root files + become: yes + copy: src="{{nginx_root_src}}" dest="{{nginx_root_dest}}/" + when: nginx_root + notify: restart nginx + - name: enable nginx service become: yes systemd: name="nginx" enabled="yes" state="started"
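Review bot: The "make config available" and "enable config" tasks build root-written paths from `nginx_server_type` and `nginx_server_name` without checking either. A type other than `site` or `stream` points at a directory the role never creates, and a value containing a path separator resolves outside the `*-available`/`*-enabled` directories. A guard before "make config available" would catch both for the type, e.g. `- assert: {that: "nginx_server_type in ['site', 'stream']"}`. The `copy` of `nginx.conf` and the `template` task set no `owner`, `group` or `mode`, so permissions depend on the controller's source files and the remote umask; setting them explicitly (e.g. `mode: "0644"`) would fix that. The base config is also replaced without a syntax check, and `validate="nginx -t -c %s"` on the "install base config" task should keep a broken file from reaching the restart handler.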