authorChristian Pointner <equinox@spreadspace.org>2019-10-13 17:29:11 +0200
committerChristian Pointner <equinox@spreadspace.org>2019-10-13 17:29:11 +0200
commitb523cf86c8cbedb43cf625a1a847ca828afd5fba (patch)
treefd48b4d7792ca75c31d197414ba8463e57cade1e /roles/nginx
parentnextcloud: fix systemd timer shuffling (diff)
nextcloud basic installation is finally working properly
Diffstat (limited to 'roles/nginx')
-rw-r--r--roles/nginx/base/defaults/main.yml10
-rw-r--r--roles/nginx/base/files/conf.d/connection-upgrade.conf (renamed from roles/nginx/files/conf.d/connection-upgrade.conf)0
-rw-r--r--roles/nginx/base/files/snippets/hsts.conf (renamed from roles/nginx/files/snippets/hsts.conf)0
-rw-r--r--roles/nginx/base/files/snippets/proxy-nobuff.conf (renamed from roles/nginx/files/snippets/proxy-nobuff.conf)0
-rw-r--r--roles/nginx/base/files/snippets/security-headers.conf (renamed from roles/nginx/files/snippets/security-headers.conf)0
-rw-r--r--roles/nginx/base/files/snippets/ssl.conf (renamed from roles/nginx/files/snippets/ssl.conf)0
-rw-r--r--roles/nginx/base/handlers/main.yml (renamed from roles/nginx/handlers/main.yml)0
-rw-r--r--roles/nginx/base/tasks/main.yml31
-rw-r--r--roles/nginx/defaults/main.yml21
-rw-r--r--roles/nginx/tasks/main.yml68
-rw-r--r--roles/nginx/vhost/defaults/main.yml13
-rw-r--r--roles/nginx/vhost/handlers/main.yml5
-rw-r--r--roles/nginx/vhost/tasks/acme.yml (renamed from roles/nginx/tasks/acme.yml)8
-rw-r--r--roles/nginx/vhost/tasks/main.yml25
-rw-r--r--roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 (renamed from roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2)14
15 files changed, 95 insertions, 100 deletions
diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml
new file mode 100644
index 00000000..50920f20
--- /dev/null
+++ b/roles/nginx/base/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+nginx_pkg_variant: nginx-light
+
+nginx_conf_d_files:
+ - connection-upgrade
+
+nginx_snippets:
+ - ssl
+ - hsts
+ - proxy-nobuff
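Review bot: The default `nginx_snippets` list installs `ssl`, `hsts` and `proxy-nobuff` but omits `security-headers`, although the diffstat shows that snippet moving into `base/files/snippets` with the others; nothing in this commit installs or includes it. If the headers are meant to apply to proxied vhosts, add `- security-headers` here and `include snippets/security-headers.conf;` next to the hsts include in the 443 server block of generic-proxy-no-buffering-with-acme.conf.j2. If it is deliberately opt-in, a one-line comment above the list saying so would save the next reader the question.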
diff --git a/roles/nginx/files/conf.d/connection-upgrade.conf b/roles/nginx/base/files/conf.d/connection-upgrade.conf
index 4153effe..4153effe 100644
--- a/roles/nginx/files/conf.d/connection-upgrade.conf
+++ b/roles/nginx/base/files/conf.d/connection-upgrade.conf
diff --git a/roles/nginx/files/snippets/hsts.conf b/roles/nginx/base/files/snippets/hsts.conf
index 4ca8396e..4ca8396e 100644
--- a/roles/nginx/files/snippets/hsts.conf
+++ b/roles/nginx/base/files/snippets/hsts.conf
diff --git a/roles/nginx/files/snippets/proxy-nobuff.conf b/roles/nginx/base/files/snippets/proxy-nobuff.conf
index b08de70c..b08de70c 100644
--- a/roles/nginx/files/snippets/proxy-nobuff.conf
+++ b/roles/nginx/base/files/snippets/proxy-nobuff.conf
diff --git a/roles/nginx/files/snippets/security-headers.conf b/roles/nginx/base/files/snippets/security-headers.conf
index b94d479d..b94d479d 100644
--- a/roles/nginx/files/snippets/security-headers.conf
+++ b/roles/nginx/base/files/snippets/security-headers.conf
diff --git a/roles/nginx/files/snippets/ssl.conf b/roles/nginx/base/files/snippets/ssl.conf
index d187a7c0..d187a7c0 100644
--- a/roles/nginx/files/snippets/ssl.conf
+++ b/roles/nginx/base/files/snippets/ssl.conf
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/base/handlers/main.yml
index 6deed0cd..6deed0cd 100644
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/base/handlers/main.yml
diff --git a/roles/nginx/base/tasks/main.yml b/roles/nginx/base/tasks/main.yml
new file mode 100644
index 00000000..a975ce52
--- /dev/null
+++ b/roles/nginx/base/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: install nginx
+ apt:
+ name: "{{ nginx_pkg_variant }}"
+ state: present
+
+- name: remove nginx default config
+ file:
+ name: /etc/nginx/sites-enabled/default
+ state: absent
+ notify: restart nginx
+
+- name: install nginx config.d files
+ loop: "{{ nginx_conf_d_files }}"
+ copy:
+ src: "conf.d/{{ item }}.conf"
+ dest: /etc/nginx/conf.d/
+ notify: restart nginx
+
+- name: install nginx config snippets
+ loop: "{{ nginx_snippets }}"
+ copy:
+ src: "snippets/{{ item }}.conf"
+ dest: /etc/nginx/snippets/
+ notify: restart nginx
+
+- name: generate Diffie-Hellman parameters
+ openssl_dhparam:
+ path: /etc/ssl/dhparams.pem
+ size: 2048
+ notify: restart nginx
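Review bot: The two `copy` tasks and the dhparam task all notify `restart nginx`, so a snippet or conf.d file that does not pass `nginx -t` takes nginx down at the end of the play instead of leaving the old configuration running; the handler itself is outside this diff, so I cannot tell whether it validates first. Since `copy` offers no useful `validate` for a snippet that is only meaningful once included, consider a `command: nginx -t` task (with `changed_when: false`) after the snippet tasks so the play fails before the handler fires. The `copy` tasks also set no `mode`; an explicit `mode: "0644"` would make the installed file permissions independent of the target's umask.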
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
deleted file mode 100644
index a38a95a0..00000000
--- a/roles/nginx/defaults/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-nginx_pkg_variant: nginx-light
-
-nginx_conf_d_files:
- - connection-upgrade
-
-nginx_snippets:
- - ssl
- - hsts
- - proxy-nobuff
-
-# nginx_vhosts:
-# example:
-# template: generic-proxy-no-buffering-with-acme
-# acme: yes
-# hostnames:
-# - example.com
-# - www.example.com
-# proxy_pass: http://127.0.0.1:8080
-# other.io:
-# content: "<< nginx vhost config file contents >>"
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
deleted file mode 100644
index 57816cea..00000000
--- a/roles/nginx/tasks/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: install nginx
- apt:
- name: "{{ nginx_pkg_variant }}"
- state: present
-
-- name: remove nginx default config
- file:
- name: /etc/nginx/sites-enabled/default
- state: absent
- notify: restart nginx
-
-- name: install nginx config.d files
- loop: "{{ nginx_conf_d_files }}"
- copy:
- src: "conf.d/{{ item }}.conf"
- dest: /etc/nginx/conf.d/
- notify: restart nginx
-
-- name: install nginx config snippets
- loop: "{{ nginx_snippets }}"
- copy:
- src: "snippets/{{ item }}.conf"
- dest: /etc/nginx/snippets/
- notify: restart nginx
-
-- name: generate Diffie-Hellman parameters
- openssl_dhparam:
- path: /etc/ssl/dhparams.pem
- size: 2048
- notify: restart nginx
-
-- name: install nginx configs from template
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'template' in item.value"
- template:
- src: "{{ item.value.template }}.conf.j2"
- dest: "/etc/nginx/sites-available/{{ item.key }}"
- notify: restart nginx
-
-- name: install nginx configs from config data
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'content' in item.value"
- copy:
- content: "{{ item.value.content }}"
- dest: "/etc/nginx/sites-available/{{ item.key }}"
- notify: restart nginx
-
-- name: enable vhost config
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- src: "../sites-available/{{ item.key }}"
- dest: "/etc/nginx/sites-enabled/{{ item.key }}"
- state: link
- notify: restart nginx
-
-- name: generate acme certificate
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }} ({{ item.value.hostnames | default([]) | join(', ') }})"
- when: "'acme' in item.value and item.value.acme"
- include_tasks: acme.yml
diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
new file mode 100644
index 00000000..dfedb50b
--- /dev/null
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# nginx_vhost:
+# name: example
+# template: generic-proxy-no-buffering-with-acme
+# acme: yes
+# hostnames:
+# - example.com
+# - www.example.com
+# proxy_pass: http://127.0.0.1:8080
+
+# nginx_vhost:
+# name: other-example
+# content: "<<< content of vhost >>>"
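Review bot: The example at `acme: yes` uses a YAML 1.1 truthy form; `acme: true` is the canonical boolean the condition `'acme' in nginx_vhost and nginx_vhost.acme` in vhost/tasks/main.yml tests, and it avoids yamllint's truthy warning for anyone copying the example. This file also sets no actual default, so `nginx_vhost` is presumably a hard requirement of the role; a leading comment such as `# nginx_vhost must be set by the caller; the role has no default for it` would document that contract.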
diff --git a/roles/nginx/vhost/handlers/main.yml b/roles/nginx/vhost/handlers/main.yml
new file mode 100644
index 00000000..d4e42ca0
--- /dev/null
+++ b/roles/nginx/vhost/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+ service:
+ name: nginx
+ state: reloaded
diff --git a/roles/nginx/tasks/acme.yml b/roles/nginx/vhost/tasks/acme.yml
index b8ab7879..99ad7856 100644
--- a/roles/nginx/tasks/acme.yml
+++ b/roles/nginx/vhost/tasks/acme.yml
@@ -1,6 +1,6 @@
---
- name: check if acme certs already exist
- loop: "{{ item.value.hostnames }}"
+ loop: "{{ nginx_vhost.hostnames }}"
loop_control:
loop_var: acme_hostname
stat:
@@ -9,7 +9,7 @@
- name: set acmecert_missing_hostnames variable
set_fact:
- acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(item.value.hostnames) }}"
+ acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(nginx_vhost.hostnames) }}"
- name: link nonexistent hostnames to self-signed interim cert
when: acmecert_missing_hostnames | length > 0
@@ -40,5 +40,5 @@
import_role:
name: acmetool/cert
vars:
- acmetool_cert_name: "{{ item.value.hostnames[0] }}"
- acmetool_cert_hostnames: "{{ item.value.hostnames }}"
+ acmetool_cert_name: "{{ nginx_vhost.hostnames[0] }}"
+ acmetool_cert_hostnames: "{{ nginx_vhost.hostnames }}"
diff --git a/roles/nginx/vhost/tasks/main.yml b/roles/nginx/vhost/tasks/main.yml
new file mode 100644
index 00000000..4de3393d
--- /dev/null
+++ b/roles/nginx/vhost/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: install nginx configs from template
+ when: "'template' in nginx_vhost"
+ template:
+ src: "{{ nginx_vhost.template }}.conf.j2"
+ dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
+ notify: reload nginx
+
+- name: install nginx configs from config data
+ when: "'content' in nginx_vhost"
+ copy:
+ content: "{{ nginx_vhost.content }}"
+ dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
+ notify: reload nginx
+
+- name: enable vhost config
+ file:
+ src: "../sites-available/{{ nginx_vhost.name }}"
+ dest: "/etc/nginx/sites-enabled/{{ nginx_vhost.name }}"
+ state: link
+ notify: reload nginx
+
+- name: generate acme certificate
+ when: "'acme' in nginx_vhost and nginx_vhost.acme"
+ include_tasks: acme.yml
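Review bot: The `enable vhost config` task links `sites-enabled/{{ nginx_vhost.name }}` unconditionally, so an `nginx_vhost` with neither `template` nor `content` leaves a dangling symlink, and one with both has the second task silently overwrite the first; nothing in the new role checks the shape of `nginx_vhost`. An `assert` at the top of the file makes the contract explicit: `- name: validate vhost definition` / `assert:` / `that: "('template' in nginx_vhost) != ('content' in nginx_vhost)"`. Because a `reloaded` service keeps the old configuration when the new one is invalid, a `command: nginx -t` task with `changed_when: false` after the link would also make a broken vhost fail the play rather than be reported as a successful change.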
diff --git a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
index 9f165726..55bd5ac6 100644
--- a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -1,7 +1,7 @@
server {
listen 80;
listen [::]:80;
- server_name {{ item.value.hostnames | join(' ') }};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
include snippets/acmetool.conf;
@@ -13,18 +13,18 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name {{ item.value.hostnames | join(' ') }};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
include snippets/hsts.conf;
location / {
include snippets/proxy-nobuff.conf;
-{% if 'client_max_body_size' in item.value %}
- client_max_body_size {{ item.value.client_max_body_size }};
+{% if 'client_max_body_size' in nginx_vhost %}
+ client_max_body_size {{ nginx_vhost.client_max_body_size }};
{% endif %}
proxy_set_header Host $host;
@@ -38,6 +38,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
- proxy_pass {{ item.value.proxy_pass }};
+ proxy_pass {{ nginx_vhost.proxy_pass }};
}
}