add nginx/auth/basic role

author: Christian Pointner <equinox@spreadspace.org> 2020-09-07 19:41:04 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-09-07 19:41:04 +0200
commit: a323b2f6376acd1d26819b832a7c472f9e5506ad (patch)
tree: b711bb4e78b8f07e7f24bdfdb6a0fe062628b8f2 /roles/nginx/auth
parent: preseed/ubuntu: removing splash from kernel command-line is sufficient (diff)
2 files changed, 24 insertions, 0 deletions
diff --git a/roles/nginx/auth/basic/defaults/main.yml b/roles/nginx/auth/basic/defaults/main.yml
new file mode 100644
index 00000000..2f8ea109
--- /dev/null
+++ b/roles/nginx/auth/basic/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# nginx_auth_basic_filename: foo
+
+# nginx_auth_basic_users:
+#   user1: password
diff --git a/roles/nginx/auth/basic/tasks/main.yml b/roles/nginx/auth/basic/tasks/main.yml
new file mode 100644
index 00000000..1eb99183
--- /dev/null
+++ b/roles/nginx/auth/basic/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: create authentication directory
+  file:
+    state: directory
+    path: /etc/nginx/auth/
+    owner: root
+    group: www-data
+    mode: 0750
+
+- name: generate user entries
+  copy:
+    dest: "/etc/nginx/auth/{{ nginx_auth_basic_filename }}.htpasswd"
+    owner: root
+    group: www-data
+    mode: 0640
+    content: |
+      {% for user,password in nginx_auth_basic_users.items() %}
+      {{ user }}:{{ password | password_hash('apr_md5_crypt', 65534 | random(seed=(inventory_hostname+user)) | string) }}
+      {% endfor %}
author	Christian Pointner <equinox@spreadspace.org>	2020-09-07 19:41:04 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-09-07 19:41:04 +0200
commit	a323b2f6376acd1d26819b832a7c472f9e5506ad (patch)
tree	b711bb4e78b8f07e7f24bdfdb6a0fe062628b8f2 /roles/nginx/auth
parent	preseed/ubuntu: removing splash from kernel command-line is sufficient (diff)