chore: improve nginx role so config can be shared and avoid unneeded duplication between roles / VMs

mustard 2025-10-14 00:19:53 +02:00
parent 5b9295d3a5
commit 5d126b1ce1
4 changed files with 81 additions and 6 deletions


@ -0,0 +1 @@
[Network]


@ -0,0 +1,41 @@
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /tmp/nginx.pid;
events
{
worker_connections 1024;
}
http
{
proxy_temp_path /tmp/proxy_temp;
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# log_format main '$proxy_protocol_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
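Review bot: The `http` block never sets `server_tokens off;`, and because this file is now the shared baseline for every role that drops a vhost into `conf.d`, each of those sites will expose the exact nginx version in the `Server` header and on error pages unless it overrides the default itself. Adding `server_tokens off;` next to `sendfile on;` settles it once for all consumers. Separately, the `main` log format records `$http_x_forwarded_for`, which is a client-supplied header; a one-line comment such as `# X-Forwarded-For is client-controlled; use $remote_addr for attribution` above `log_format` would keep log readers from trusting it.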


@ -1,11 +1,17 @@
[Unit] [Unit]
Description=nginx container Description=nginx container
Requires=jellyfin.service
After=jellyfin.service
[Container] [Container]
ContainerName=nginx ContainerName=nginx
Image=ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim Image=ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
PublishPort=8080:8080 PublishPort=80:8080
Volume=/srv/nginx/tls.conf:/etc/nginx/tls.conf:ro PublishPort=443:8443
Network=frontend.network
Volume=/srv/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
Volume=/srv/nginx/conf.d:/etc/nginx/conf.d:ro
Volume=/srv/certs:/etc/nginx/ssl:Z
PodmanArgs=--runtime runsc --security-opt label:disable PodmanArgs=--runtime runsc --security-opt label:disable
Label=disable Label=disable
AutoUpdate=registry AutoUpdate=registry
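Review bot: The new `Volume=/srv/certs:/etc/nginx/ssl:Z` is the only bind mount in this unit that the container can write to, even though it carries the TLS key material; the two config mounts added beside it are both `:ro`. nginx only needs to read the certificates, so `Volume=/srv/certs:/etc/nginx/ssl:ro,Z` would stop a compromised worker from replacing or deleting them. The `:Z` relabel also looks redundant next to `Label=disable` and `--security-opt label:disable`, so it is worth confirming it is still wanted. Separately, `Requires=jellyfin.service` / `After=jellyfin.service` tie the shared proxy unit to one backend, which seems at odds with reusing this role across VMs that may not run jellyfin.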


@ -2,7 +2,19 @@
ansible.builtin.file: ansible.builtin.file:
path: /srv/nginx path: /srv/nginx
state: directory state: directory
mode: '0644' mode: '0755'
- name: Create certs dir if it doesn't exist
ansible.builtin.file:
path: /srv/certs
state: directory
mode: '0755'
- name: Create conf.d dir if it doesn't exist
ansible.builtin.file:
path: /srv/nginx/conf.d
state: directory
mode: '0755'
- name: Copy over nginx.container file - name: Copy over nginx.container file
ansible.builtin.copy: ansible.builtin.copy:
@ -12,10 +24,26 @@
group: root group: root
mode: '0644' mode: '0644'
- name: Copy over nginx.conf file
ansible.builtin.copy:
src: ./files/nginx.conf
dest: /srv/nginx/nginx.conf
owner: root
group: root
mode: '0644'
- name: Copy over tls.conf file - name: Copy over tls.conf file
ansible.builtin.copy: ansible.builtin.copy:
src: ./files/tls.conf src: ./files/tls.conf
dest: /srv/nginx/tls.conf dest: /srv/nginx/conf.d/tls.conf
owner: root
group: root
mode: '0644'
- name: Copy over frontend network
ansible.builtin.copy:
src: ./files/frontend.network
dest: /etc/containers/systemd/frontend.network
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
@ -27,6 +55,5 @@
- name: Start nginx container - name: Start nginx container
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: nginx.service name: nginx.service
state: started state: restarted
enabled: true
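Review bot: The "Create certs dir" task in the first hunk makes `/srv/certs` with `mode: '0755'` and no `owner`/`group`, so the directory that is mounted as `/etc/nginx/ssl` can be traversed by every local account on the host. Since the container image runs nginx as a non-root user, the key files inside will presumably need to be readable by that uid, which makes it easy to end up with world-readable private keys. Setting explicit `owner:`/`group:` for the uid/gid the container runs as (to be confirmed against the image) together with `mode: '0750'` on the directory would keep the keys private to root and the proxy. The file list for this task continues outside the visible hunks, so how the certificates themselves are installed cannot be checked from here.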