chore: improve nginx role so config can be shared and avoid unneeded duplication between roles / VMs

roles/nginx/files/frontend.network

@@ -0,0 +1 @@
+[Network]

roles/nginx/files/nginx.conf

@@ -0,0 +1,41 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /tmp/nginx.pid;
+
+
+events
+{
+	worker_connections 1024;
+}
+
+
+http
+{
+	proxy_temp_path /tmp/proxy_temp;
+	client_body_temp_path /tmp/client_temp;
+	fastcgi_temp_path /tmp/fastcgi_temp;
+	uwsgi_temp_path /tmp/uwsgi_temp;
+	scgi_temp_path /tmp/scgi_temp;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+	#        log_format main '$proxy_protocol_addr - $remote_user [$time_local] "$request" '
+	'$status $body_bytes_sent "$http_referer" '
+	'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log /var/log/nginx/access.log main;
+
+	sendfile on;
+	#tcp_nopush     on;
+
+	keepalive_timeout 65;
+
+	#gzip  on;
+
+	include /etc/nginx/conf.d/*.conf;
+
+}
+

roles/nginx/files/nginx.container

@@ -1,11 +1,17 @@
 [Unit]
 Description=nginx container
+Requires=jellyfin.service
+After=jellyfin.service
 
 [Container]
 ContainerName=nginx
 Image=ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
-PublishPort=8080:8080
-Volume=/srv/nginx/tls.conf:/etc/nginx/tls.conf:ro
+PublishPort=80:8080
+PublishPort=443:8443
+Network=frontend.network
+Volume=/srv/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=/srv/nginx/conf.d:/etc/nginx/conf.d:ro
+Volume=/srv/certs:/etc/nginx/ssl:Z
 PodmanArgs=--runtime runsc --security-opt label:disable
 Label=disable
 AutoUpdate=registry