Diffstat (limited to 'ansible/roles/nginx')
-rw-r--r--ansible/roles/nginx/README.md3
-rw-r--r--ansible/roles/nginx/files/default_server.conf32
-rw-r--r--ansible/roles/nginx/files/files.pydis.wtf10
-rw-r--r--ansible/roles/nginx/handlers/main.yml7
-rw-r--r--ansible/roles/nginx/tasks/main.yml45
5 files changed, 97 insertions, 0 deletions
diff --git a/ansible/roles/nginx/README.md b/ansible/roles/nginx/README.md
new file mode 100644
index 0000000..9961a69
--- /dev/null
+++ b/ansible/roles/nginx/README.md
@@ -0,0 +1,3 @@
+# Role "nginx"
+
+Installs nginx on target hosts and provides a handler for reloading nginx, for instance on configuration change.
diff --git a/ansible/roles/nginx/files/default_server.conf b/ansible/roles/nginx/files/default_server.conf
new file mode 100644
index 0000000..1d68ff5
--- /dev/null
+++ b/ansible/roles/nginx/files/default_server.conf
@@ -0,0 +1,32 @@
+# Managed by Ansible
+server {
+ listen 80 default_server;
+
+ server_name _;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2 default_server;
+
+ ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
+
+ location / {
+ set_by_lua_block $url {
+ local urls = {
+ "https://fasterthanli.me/articles/i-want-off-mr-golangs-wild-ride",
+ "https://en.wikipedia.org/wiki/Tax_evasion",
+ "https://jchri.st/blog/apfs-sadness-on-macos-big-sur.html",
+ "https://cdn.discordapp.com/attachments/675756741417369640/852688961516077086/Screenshot_2021-06-11_at_00.21.22.png",
+ "https://news.ycombinator.com/",
+ "https://www.hertfordshire.gov.uk/latest/letchworth-webcam.jpg",
+ "https://media.discordapp.net/attachments/922169059175444501/952929630459924501/1svkf3xto3n61.png"
+ }
+ return urls [ math.random(#urls) ]
+ }
+
+ return 302 $url;
+ }
+}
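Review bot: The port-80 catch-all reflects the client-supplied Host header into its redirect. With `server_name _;` and `default_server`, `return 301 https://$host$request_uri;` answers a request for any name with a Location header on that same name. For a block whose only job is to absorb unmatched names, a fixed target such as `return 301 https://pydis.wtf$request_uri;`, or `return 444;`, keeps client-chosen values out of the response. Separately, the 443 default server presents the pydis.wtf certificate for every unmatched SNI name and redirects to hard-coded third-party URLs; a short comment above `local urls` stating that this is intentional would help a later audit of the config.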
diff --git a/ansible/roles/nginx/files/files.pydis.wtf b/ansible/roles/nginx/files/files.pydis.wtf
new file mode 100644
index 0000000..db8416e
--- /dev/null
+++ b/ansible/roles/nginx/files/files.pydis.wtf
@@ -0,0 +1,10 @@
+# Managed by Ansible
+server {
+ listen 443;
+ server_name files.pydis.wtf;
+ root /var/www/turing;
+
+ location / {
+ try_files $uri $uri/;
+ }
+}
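Review bot: This server block never declares TLS itself: `listen 443;` has no `ssl` parameter and there are no `ssl_certificate` lines. It therefore appears to depend on the default server's `listen 443 ssl` on the same socket and on that server's certificate, and the hunk does not show whether that certificate covers files.pydis.wtf. I would make it explicit with `listen 443 ssl http2;` plus the `ssl_certificate` / `ssl_certificate_key` pair for this name, so the vhost does not change behaviour if the default server is edited or removed. Also, the last argument of `try_files` is a fallback URI rather than a file check, so `try_files $uri $uri/;` redirects internally to `$uri/` for any missing path. `try_files $uri $uri/ =404;` returns a clean 404 instead.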
diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..2e84daf
--- /dev/null
+++ b/ansible/roles/nginx/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Reload the nginx service
+ service:
+ name: nginx
+ state: reloaded
+ tags:
+ - role::nginx
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..85fe7ec
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Install NGINX & modules
+ package:
+ name:
+ - nginx
+ - libnginx-mod-http-lua
+ - libnginx-mod-http-geoip
+ state: present
+ tags:
+ - role::nginx
+
+- name: Copy NGINX default config
+ copy:
+ src: default_server.conf
+ dest: /etc/nginx/conf.d/default_server.conf
+ group: root
+ owner: root
+ mode: "0644"
+ tags:
+ - role::nginx
+ notify:
+ - Reload the nginx service
+
+- name: Remove default nginx site
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+- name: Copy file server config
+ copy:
+ src: files.pydis.wtf
+ dest: /etc/nginx/sites-available/files.pydis.wtf
+ group: root
+ owner: root
+ mode: "0644"
+ tags:
+ - role::nginx
+ notify:
+ - Reload the nginx service
+
+- name: Enable file server
+ file:
+ src: /etc/nginx/sites-available/files.pydis.wtf
+ dest: /etc/nginx/sites-enabled/files.pydis.wtf
+ state: link
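Review bot: The two `file` tasks, "Remove default nginx site" and "Enable file server", carry neither `notify` nor `tags`, unlike the `copy` tasks around them. If only the symlink or the default site changes, nginx is not reloaded and keeps serving the old set of sites. A run limited to `role::nginx` also skips both tasks. Adding `notify: [Reload the nginx service]` and `tags: [role::nginx]` to both would make them consistent. The role also installs a config that references `/etc/letsencrypt/live/pydis.wtf/`, which it does not create; if no other role provisions those certificates first, the reload will fail, so a comment naming that dependency would be useful.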