feat: added nginx role

roles/nginx/files/nginx.container

@@ -0,0 +1,18 @@
+[Unit]
+Description=nginx container
+
+[Container]
+ContainerName=nginx
+Image=ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
+PublishPort=8080:8080
+Volume=/srv/nginx/tls.conf:/etc/nginx/tls.conf:ro
+PodmanArgs=--runtime runsc --security-opt label:disable
+Label=disable
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target
+
+[Service]
+Restart=always
+

roles/nginx/files/tls.conf

@@ -0,0 +1,12 @@
+ssl_certificate /etc/nginx/ssl/cert.pem;
+ssl_certificate_key /etc/nginx/ssl/key.pem;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
+ssl_prefer_server_ciphers on;
+ssl_conf_command Options PrioritizeChaCha;
+

roles/nginx/tasks/main.yaml

@@ -0,0 +1,32 @@
+- name: Create nginx dir
+  ansible.builtin.file:
+    path: /srv/nginx
+    state: directory
+    mode: '0644'
+
+- name: Copy over nginx.container file
+  ansible.builtin.copy:
+    src: ./files/nginx.container
+    dest: /etc/containers/systemd/nginx.container
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Copy over tls.conf file
+  ansible.builtin.copy:
+    src: ./files/tls.conf
+    dest: /srv/nginx/tls.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Run systemctl daemon-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Start nginx container
+  ansible.builtin.systemd_service:
+    name: nginx.service
+    state: started
+    enabled: true
+