From 0bec0a9630386e400a84f6dc9fd611d76f4a8498 Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@outlook.com>
Date: Wed, 31 Jul 2019 01:47:43 +0200
Subject: [PATCH] Added role nginx/server

---
 roles/nginx/server/README.md             |  4 ++++
 roles/nginx/server/meta/main.yml         |  4 ++++
 roles/nginx/server/tasks/main.yml        | 10 ++++++++++
 roles/nginx/server/templates/server.conf | 14 ++++++++++++++
 4 files changed, 32 insertions(+)
 create mode 100644 roles/nginx/server/README.md
 create mode 100644 roles/nginx/server/meta/main.yml
 create mode 100644 roles/nginx/server/tasks/main.yml
 create mode 100644 roles/nginx/server/templates/server.conf

diff --git a/roles/nginx/server/README.md b/roles/nginx/server/README.md
new file mode 100644
index 0000000..a1b53f9
--- /dev/null
+++ b/roles/nginx/server/README.md
@@ -0,0 +1,4 @@
+# nginx Server Role
+
+Defines a basic server role with a full custom set of directives for nginx.
+Only requires / configures SSL with a certificate.
diff --git a/roles/nginx/server/meta/main.yml b/roles/nginx/server/meta/main.yml
new file mode 100644
index 0000000..2717b1a
--- /dev/null
+++ b/roles/nginx/server/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: acme/certificate
diff --git a/roles/nginx/server/tasks/main.yml b/roles/nginx/server/tasks/main.yml
new file mode 100644
index 0000000..eceae2d
--- /dev/null
+++ b/roles/nginx/server/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure server for {{ domain }}
+  template:
+    src: server.conf
+    dest: "{{ nginx_sites_directory }}/{{ domain }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx
diff --git a/roles/nginx/server/templates/server.conf b/roles/nginx/server/templates/server.conf
new file mode 100644
index 0000000..c6101e6
--- /dev/null
+++ b/roles/nginx/server/templates/server.conf
@@ -0,0 +1,14 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ domain }};
+
+  ssl on;
+  ssl_certificate {{ acme_certificate_location }};
+  ssl_certificate_key {{ acme_key_location }};
+
+  include {{ nginx_snippets_directory }}/https;
+  include {{ nginx_snippets_directory }}/global;
+
+  {{ directives | indent(width=2) }}
+}