From b1dd1dfd7b83d7c6d673349f72b0ed56ece623d8 Mon Sep 17 00:00:00 2001 From: shockrah Date: Sun, 26 Dec 2021 14:08:10 -0800 Subject: [PATCH] + Reverse proxy with nginx for internally hosted services
---
playbooks/alpha/nginx/disable-default.yml | 10 ++++ playbooks/alpha/nginx/main.yml | 46 +++++++++++++++++++ .../alpha/nginx/search.project-athens.xyz | 11 +++++ 3 files changed, 67 insertions(+) create mode 100644 playbooks/alpha/nginx/disable-default.yml create mode 100644 playbooks/alpha/nginx/main.yml create mode 100644 playbooks/alpha/nginx/search.project-athens.xyz
diff --git a/playbooks/alpha/nginx/disable-default.yml b/playbooks/alpha/nginx/disable-default.yml
new file mode 100644
index 0000000..fd64c3f
--- /dev/null
+++ b/playbooks/alpha/nginx/disable-default.yml
@@ -0,0 +1,10 @@
+---
+- hosts: alpha
+ tasks:
+ - name: Disable Default Nginx Site
+ become: yes
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+
diff --git a/playbooks/alpha/nginx/main.yml b/playbooks/alpha/nginx/main.yml
new file mode 100644
index 0000000..5ac0acb
--- /dev/null
+++ b/playbooks/alpha/nginx/main.yml
@@ -0,0 +1,46 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+ become: yes
+ tasks:
+ - name: Install Nginx
+ apt:
+ name: nginx
+ update_cache: yes
+ state: present
+
+ - name: Update Snap
+ community.general.snap:
+ name: core
+ state: present
+
+ - name: Install Certbot
+ community.general.snap:
+ name: certbot
+ classic: yes
+
+ - name: Push Searx Config
+ copy:
+ src: search.project-athens.xyz
+ dest: /etc/nginx/sites-available
+
+ - name: Enable Site in Nginx
+ file:
+ src: /etc/nginx/sites-available/search.project-athens.xyz
+ dest: /etc/nginx/sites-enabled/search.project-athens.xyz
+ state: link
+
+ - name: Restart Nginx
+ service:
+ name: nginx
+ state: restarted
+
+ - name: Install Certificates for all sites on this host
+ command: >
+ certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+ --domains "{{item}}"
+ loop:
+ - search.project-athens.xyz
diff --git a/playbooks/alpha/nginx/search.project-athens.xyz b/playbooks/alpha/nginx/search.project-athens.xyz
new file mode 100644
index 0000000..ae00fd5
--- /dev/null
+++ b/playbooks/alpha/nginx/search.project-athens.xyz
@@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server {
+ server_name search.project-athens.xyz;
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+ }
+}
+
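Review bot: The final task in main.yml, `Install Certificates for all sites on this host`, is not idempotent: it calls `certbot` through `command` on every run, always reports `changed`, and lets certbot edit the nginx vhost again each time. Adding `args:` with `creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem` to that task would skip it once the certificate is in place. The `Push Searx Config` copy sets no `owner`, `group` or `mode`, so the permissions of the vhost file are left to whatever the target defaults to; `owner: root`, `group: root` and `mode: "0644"` would pin them. `Restart Nginx` runs unconditionally and without a config test, so a handler that first runs `nginx -t` would avoid taking the proxy down on a bad config. `CERT_EMAIL` is not defined in any file of this patch and is presumably supplied elsewhere.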
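Review bot: The `location /` block in search.project-athens.xyz proxies to `http://127.0.0.1:8080` with no `proxy_set_header` lines, so the backend sees every request as coming from 127.0.0.1 with a `Host` of `127.0.0.1:8080`. Any per-client rate limiting or request logging in the proxied service then cannot tell clients apart. Inside `location /` I would add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The server block also has no `listen` directive and no access restriction; if the service is meant to be reachable only internally, as the commit subject suggests, an `allow`/`deny` pair or a private listen address should be stated here.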