Initial import; migrate some roles from irl.wip

2025-10-31 22:36:32 +00:00 · 2025-10-31 22:36:32 +00:00 · 2ba6c6691b
commit 2ba6c6691b
44 changed files with 1573 additions and 0 deletions
--- a/roles/podman_nginx/templates/certbot-renew.container
+++ b/roles/podman_nginx/templates/certbot-renew.container
@ -0,0 +1,13 @@
+[Unit]
+Description=Run certbot renew
+
+[Container]
+AutoUpdate=registry
+ContainerName=certbot-renew
+Exec=renew
+Image=docker.io/certbot/certbot:latest
+Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/www:/var/www/certbot:z
+Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/conf:/etc/letsencrypt:z
+
+[Service]
+Restart=no
--- a/roles/podman_nginx/templates/certbot-renew.timer
+++ b/roles/podman_nginx/templates/certbot-renew.timer
@ -0,0 +1,9 @@
+[Unit]
+Description=Timer for certbot renewals
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/roles/podman_nginx/templates/nginx.conf
+++ b/roles/podman_nginx/templates/nginx.conf
@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ podman_nginx_primary_hostname }};
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://{{ podman_nginx_primary_hostname }}$request_uri;
+    }
+}
--- a/roles/podman_nginx/templates/nginx.container
+++ b/roles/podman_nginx/templates/nginx.container
@ -0,0 +1,34 @@
+[Unit]
+{% for req in podman_nginx_systemd_service_requires %}
+Requires={{ req }}.service
+After={{ req }}.service
+{% endfor %}
+{% if podman_nginx_systemd_service_target is defined %}
+PartOf={{ podman_nginx_systemd_service_target }}
+{% endif %}
+
+[Container]
+ContainerName=nginx
+Image=docker.io/nginx:1
+{% if podman_nginx_frontend_network is defined %}Network={{ podman_nginx_frontend_network }}.network{% endif +%}
+PublishPort=80:80
+PublishPort=443:443
+Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/www:/var/www/certbot/:ro,z
+Volume=/home/{{ podman_nginx_podman_rootless_user }}/certbot/conf/:/etc/letsencrypt/:ro,z
+Volume=/home/{{ podman_nginx_podman_rootless_user }}/nginx:/etc/nginx/conf.d/:ro,z
+
+{% for item in podman_nginx_additional_volumes %}
+Volume={{ item.src }}:{{ item.dest }}:{{ item.options }}
+{% endfor %}
+
+[Service]
+RuntimeMaxSec=604800
+Restart=always
+{% if podman_nginx_systemd_service_slice is defined %}
+Slice={{ podman_nginx_systemd_service_slice }}
+{% endif %}
+{% if podman_nginx_systemd_service_target is defined %}
+
+[Install]
+WantedBy=default.target
+{% endif %}