From 01393ae1041335d3ebea78cb7ded1036bc277a29 Mon Sep 17 00:00:00 2001
From: Johannes Christ
Date: Wed, 16 Feb 2022 21:42:22 +0100
Subject: Add nginx deployment Includes documented roles for: - installing nginx & configuring handlers - installing the mTLS certificate for Cloudflare - installing firewall rules They are kept separate for now, for composability. Closes #22.
---
roles/nginx-ufw/README.md | 6 ++++++
roles/nginx-ufw/meta/main.yml | 4 ++++
roles/nginx-ufw/tasks/main.yml | 8 ++++++++
3 files changed, 18 insertions(+)
create mode 100644 roles/nginx-ufw/README.md
create mode 100644 roles/nginx-ufw/meta/main.yml
create mode 100644 roles/nginx-ufw/tasks/main.yml
(limited to 'roles/nginx-ufw')
diff --git a/roles/nginx-ufw/README.md b/roles/nginx-ufw/README.md
new file mode 100644
index 0000000..042fda8
--- /dev/null
+++ b/roles/nginx-ufw/README.md
@@ -0,0 +1,6 @@
+# Role "nginx-ufw"
+
+Allows NGINX HTTP and HTTPS traffic through the UFW firewall.
+
+
+
diff --git a/roles/nginx-ufw/meta/main.yml b/roles/nginx-ufw/meta/main.yml
new file mode 100644
index 0000000..dac7049
--- /dev/null
+++ b/roles/nginx-ufw/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - nginx
+ - ufw
diff --git a/roles/nginx-ufw/tasks/main.yml b/roles/nginx-ufw/tasks/main.yml
new file mode 100644
index 0000000..bea22aa
--- /dev/null
+++ b/roles/nginx-ufw/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: allow https traffic through the firewall
+ ufw:
+ app: WWW Secure
+ rule: allow
+ comment: nginx web server
+ tags:
+ - role::nginx-ufw
-- cgit v1.2.3
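Review bot: The task in roles/nginx-ufw/tasks/main.yml opens only the `WWW Secure` profile, while the README added in the same commit says the role allows HTTP and HTTPS, so one of the two is wrong. If HTTPS-only is intended, which is the tighter choice, the README line should read `Allows HTTPS traffic to NGINX through the UFW firewall.` and the task deserves a comment such as `# HTTPS only; port 80 stays closed on purpose`. The rule also has no source restriction. Because the commit message mentions a Cloudflare mTLS certificate, the origin is presumably meant to be reached only through Cloudflare, so limiting the rule with `from_ip` to the proxy's published ranges would keep direct connections off the listener. That should be confirmed against the sibling nginx and certificate roles, which are not visible in this patch.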