From a323b2f6376acd1d26819b832a7c472f9e5506ad Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Mon, 7 Sep 2020 19:41:04 +0200
Subject: add nginx/auth/basic role

---
 roles/nginx/auth/basic/defaults/main.yml |  5 +++++
 roles/nginx/auth/basic/tasks/main.yml    | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 roles/nginx/auth/basic/defaults/main.yml
 create mode 100644 roles/nginx/auth/basic/tasks/main.yml

(limited to 'roles/nginx/auth/basic')

diff --git a/roles/nginx/auth/basic/defaults/main.yml b/roles/nginx/auth/basic/defaults/main.yml
new file mode 100644
index 00000000..2f8ea109
--- /dev/null
+++ b/roles/nginx/auth/basic/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# nginx_auth_basic_filename: foo
+
+# nginx_auth_basic_users:
+#   user1: password
diff --git a/roles/nginx/auth/basic/tasks/main.yml b/roles/nginx/auth/basic/tasks/main.yml
new file mode 100644
index 00000000..1eb99183
--- /dev/null
+++ b/roles/nginx/auth/basic/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: create authentication directory
+  file:
+    state: directory
+    path: /etc/nginx/auth/
+    owner: root
+    group: www-data
+    mode: 0750
+
+- name: generate user entries
+  copy:
+    dest: "/etc/nginx/auth/{{ nginx_auth_basic_filename }}.htpasswd"
+    owner: root
+    group: www-data
+    mode: 0640
+    content: |
+      {% for user,password in nginx_auth_basic_users.items() %}
+      {{ user }}:{{ password | password_hash('apr_md5_crypt', 65534 | random(seed=(inventory_hostname+user)) | string) }}
+      {% endfor %}
-- 
cgit v1.2.3