nginx role for git + music

2024-07-18 22:00:48 +02:00 · 2024-07-18 22:00:48 +02:00 · ecf68bd0cf
commit ecf68bd0cf
parent d0c1e45196
8 changed files with 51 additions and 33 deletions
--- a/roles/mqtt-internal/tasks/main.yaml
+++ b/roles/mqtt-internal/tasks/main.yaml
@ -1,34 +1,32 @@
 ---
- name: mqtt-internal
-  tags: mqtt_internal
-  block:
-    - name: Install dependencies
-      ansible.builtin.apt:
-        name:
-          - mosquitto
-          - avahi-daemon

-    - name: Install bambulab cafile
-      # openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
-      ansible.builtin.copy:
-        dest: "{{ mqtt_bambulab_cafile }}"
-        content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
+- name: Install dependencies
+  ansible.builtin.apt:
+    name:
+      - mosquitto
+      - avahi-daemon

-    - name: Configure Mosquitto
-      ansible.builtin.template:
-        src: "{{ item }}"
-        dest: "/etc/mosquitto/conf.d/{{ item }}"
-        owner: root
-        group: root
-        mode: 0644
-      notify: restart mosquitto
-      with_items:
-        - bambulab.conf
-        - internal.conf
-        - public-bridge.conf
+- name: Install bambulab cafile
+  # openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
+  ansible.builtin.copy:
+    dest: "{{ mqtt_bambulab_cafile }}"
+    content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"

-    - name: Start mosquitto
-      ansible.builtin.systemd:
-        name: mosquitto
-        state: started
-        enabled: yes
+- name: Configure Mosquitto
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/etc/mosquitto/conf.d/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mosquitto
+  with_items:
+    - bambulab.conf
+    - internal.conf
+    - public-bridge.conf
+
+- name: Start mosquitto
+  ansible.builtin.systemd:
+    name: mosquitto
+    state: started
+    enabled: yes
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@ -13,4 +13,5 @@ nginx_tls_session_timeout:  "1h"
 nginx_ssl_stapling:         "on"
 nginx_ssl_stapling_verify:  "on"
 nginx_wk_acme:              "/var/lib/dehydrated/acme-challenges"
+nginx_client_max_body_size: "32m"

--- a/roles/nginx/templates/site.conf.j2
+++ b/roles/nginx/templates/site.conf.j2
@ -10,6 +10,8 @@ server {
    ssl_certificate        /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
    ssl_certificate_key    /var/lib/dehydrated/certs/{{ site.server_name }}/privkey.pem;

+    client_max_body_size {{ nginx_client_max_body_size }};
+
    location ~ /\.ht {
        deny all;
    }