irl/ansible-collection-wip
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: initial commit

Browse source
This commit is contained in:
Iain Learmonth 2025-06-02 14:55:56 +01:00
commit 072a1ed764
36 changed files with 1089 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
roles/podman_nginx/templates/certbot-renew.container Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Run certbot renew
[Container]
AutoUpdate=registry
ContainerName=certbot-renew
Exec=renew
Image=docker.io/certbot/certbot:latest
Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/www:/var/www/certbot
Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/conf:/etc/letsencrypt
[Service]
Restart=no

9
roles/podman_nginx/templates/certbot-renew.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Timer for certbot renewals
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target

17
roles/podman_nginx/templates/nginx.conf Normal file
View file

@ -0,0 +1,17 @@
# {{ ansible_managed }}
server {
listen 80;
listen [::]:80;
server_name {{ podman_nginx_primary_hostname }};
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://{{ podman_nginx_primary_hostname }}$request_uri;
}
}

16
roles/podman_nginx/templates/nginx.container Normal file
View file

@ -0,0 +1,16 @@
[Container]
ContainerName=nginx
Image=docker.io/nginx:latest
{% if podman_nginx_frontend_network is defined %}Network={{ podman_nginx_frontend_network }}.network{% endif +%}
PublishPort=80:80
PublishPort=443:443
Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/www:/var/www/certbot/:ro
Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/conf/:/etc/letsencrypt/:ro
Volume=/home/{{ podman_nginx_podman_rootless_user }}/nginx:/etc/nginx/conf.d/:ro
[Service]
RuntimeMaxSec=604800
Restart=always
[Install]
WantedBy=default.target