bitlair/ansible
8
0
Fork 1
Code Issues Pull requests 1 Activity Actions

music: Use nginx role

Browse source
This commit is contained in:
polyfloyd 2025-05-14 17:40:30 +02:00
parent 1d8e07bf04
commit 301529271d
5 changed files with 54 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

4
group_vars/music.yaml
View file

@ -11,6 +11,10 @@ root_access:
- polyfloyd - polyfloyd
nginx_client_max_body_size: 512M nginx_client_max_body_size: 512M
nginx_sites:
- server_name: "music.bitlair.nl"
snippets:
- "music-nginx.j2"
music_domain: music.bitlair.nl music_domain: music.bitlair.nl
acme_san_domains: acme_san_domains:

2
music.yaml
View file

@ -6,5 +6,5 @@
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: [ "acme" ] }
- { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
- { role: "go", tags: [ "go" ] } - { role: "go", tags: [ "go" ] }
# - { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: [ "nginx" ] }
- { role: "music", tags: [ "music" ] } - { role: "music", tags: [ "music" ] }

9
roles/music/tasks/main.yaml
View file

@ -23,12 +23,3 @@
file: soundboard.yaml file: soundboard.yaml
tags: tags:
- music_soundboard - music_soundboard
- name: Install nginx config
ansible.builtin.template:
src: nginx-site.conf
dest: /etc/nginx/sites-enabled/trollibox
owner: root
group: root
mode: 0644
notify: Reload nginx

70
roles/music/templates/nginx-site.conf
View file

@ -1,70 +0,0 @@
# {{ ansible_managed }}
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name {{ music_domain }};
{% if acme_bootstrap_certs %}
include "snippets/snakeoil.conf";
{% else %}
ssl_certificate "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
{% endif %}
{% for range in trusted_ranges %}
allow {{ range.cidr }};
{% endfor %}
deny all;
location / {
rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
}
location /trollibox/ {
proxy_pass http://[::1]:3000/;
client_max_body_size 512M;
include proxy_params;
}
location ~ ^/trollibox/(.+/events)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
chunked_transfer_encoding off;
add_header X-Test "123";
proxy_set_header Connection '';
proxy_buffering off;
proxy_read_timeout 7d;
}
location ~ ^/trollibox/(.+/listen)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 7d;
}
location /bobdsp/ {
proxy_pass http://[::1]:8081/;
include proxy_params;
}
location /vis/ {
allow all;
proxy_pass http://[::1]:13378/;
include proxy_params;
}
location = /vis/ {
rewrite ^(.*)$ /vis/index.html;
include proxy_params;
}
include "snippets/acme.conf";
}

49
snippets/music-nginx.j2 Normal file
View file

@ -0,0 +1,49 @@
{% for range in trusted_ranges %}
allow {{ range.cidr }};
{% endfor %}
deny all;
location / {
rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
}
location /trollibox/ {
proxy_pass http://[::1]:3000/;
include proxy_params;
}
location ~ ^/trollibox/(.+/events)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
chunked_transfer_encoding off;
add_header X-Test "123";
proxy_set_header Connection '';
proxy_buffering off;
proxy_read_timeout 7d;
}
location ~ ^/trollibox/(.+/listen)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 7d;
}
location /bobdsp/ {
proxy_pass http://[::1]:8081/;
include proxy_params;
}
location /vis/ {
allow all;
proxy_pass http://[::1]:13378/;
include proxy_params;
}
location = /vis/ {
rewrite ^(.*)$ /vis/index.html;
include proxy_params;
}