music: Use nginx role

group_vars/music.yaml

@@ -11,6 +11,10 @@ root_access:
   - polyfloyd
 
 nginx_client_max_body_size: 512M
+nginx_sites:
+  - server_name: "music.bitlair.nl"
+    snippets:
+      - "music-nginx.j2"
 
 music_domain: music.bitlair.nl
 acme_san_domains:

music.yaml

@@ -6,5 +6,5 @@
     - { role: "acme", tags: [ "acme" ] }
     - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "go", tags: [ "go" ] }
-#    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
     - { role: "music", tags: [ "music" ] }

roles/music/tasks/main.yaml

@@ -23,12 +23,3 @@
     file: soundboard.yaml
   tags:
     - music_soundboard
-
-- name: Install nginx config
-  ansible.builtin.template:
-    src: nginx-site.conf
-    dest: /etc/nginx/sites-enabled/trollibox
-    owner: root
-    group: root
-    mode: 0644
-  notify: Reload nginx

roles/music/templates/nginx-site.conf

@@ -1,70 +0,0 @@
-# {{ ansible_managed }}
-
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    server_name {{ music_domain }};
-
-    {% if acme_bootstrap_certs %}
-    include "snippets/snakeoil.conf";
-    {% else %}
-    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
-    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
-    {% endif %}
-
-    {% for range in trusted_ranges %}
-    allow {{ range.cidr }};
-    {% endfor %}
-    deny all;
-
-    location / {
-        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
-    }
-
-    location /trollibox/ {
-        proxy_pass http://[::1]:3000/;
-        client_max_body_size 512M;
-        include proxy_params;
-    }
-
-    location ~ ^/trollibox/(.+/events)$ {
-        proxy_pass http://[::1]:3000/$1;
-        include proxy_params;
-        proxy_http_version 1.1;
-        chunked_transfer_encoding off;
-        add_header X-Test "123";
-        proxy_set_header Connection '';
-        proxy_buffering off;
-        proxy_read_timeout 7d;
-    }
-
-    location ~ ^/trollibox/(.+/listen)$ {
-        proxy_pass http://[::1]:3000/$1;
-        include proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 7d;
-    }
-
-    location /bobdsp/ {
-        proxy_pass http://[::1]:8081/;
-        include proxy_params;
-    }
-
-    location /vis/ {
-        allow all;
-        proxy_pass http://[::1]:13378/;
-        include proxy_params;
-    }
-
-    location = /vis/ {
-        rewrite ^(.*)$ /vis/index.html;
-        include proxy_params;
-    }
-
-    include "snippets/acme.conf";
-}

snippets/music-nginx.j2

@@ -0,0 +1,49 @@
+{% for range in trusted_ranges %}
+allow {{ range.cidr }};
+{% endfor %}
+deny all;
+
+location / {
+    rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
+}
+
+location /trollibox/ {
+    proxy_pass http://[::1]:3000/;
+    include proxy_params;
+}
+
+location ~ ^/trollibox/(.+/events)$ {
+    proxy_pass http://[::1]:3000/$1;
+    include proxy_params;
+    proxy_http_version 1.1;
+    chunked_transfer_encoding off;
+    add_header X-Test "123";
+    proxy_set_header Connection '';
+    proxy_buffering off;
+    proxy_read_timeout 7d;
+}
+
+location ~ ^/trollibox/(.+/listen)$ {
+    proxy_pass http://[::1]:3000/$1;
+    include proxy_params;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_read_timeout 7d;
+}
+
+location /bobdsp/ {
+    proxy_pass http://[::1]:8081/;
+    include proxy_params;
+}
+
+location /vis/ {
+    allow all;
+    proxy_pass http://[::1]:13378/;
+    include proxy_params;
+}
+
+location = /vis/ {
+    rewrite ^(.*)$ /vis/index.html;
+    include proxy_params;
+}