commit 4269d57158354a1d1d62f708b983dddda26b3cdb
Author: Alex Kotov
Date: Sun Sep 19 00:37:57 2021 +0500
Add existing code
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c18dd8d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+__pycache__/
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..83eeb06
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020-2021 Alex Kotov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..deb6c2e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+nginx__state: null
+nginx__remove_default: true
+nginx__upstreams: []
+nginx__sites: []
diff --git a/files/syslog.conf b/files/syslog.conf
new file mode 100644
index 0000000..4ac957e
--- /dev/null
+++ b/files/syslog.conf
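Review bot: The role's public interface in defaults/main.yml carries no documentation: `nginx__state` defaults to `null`, which tasks/main.yml treats as "do nothing", and the accepted values (`install`, `remove`, `purge`) are only discoverable by reading that task file. A comment above each key would close the gap, e.g. `# One of: null (no-op), install, remove, purge` over `nginx__state`, and above `nginx__sites` a short list of the keys the templates read (`type`, `domain`, `cert`, `key`, `ssl_conf`, plus the type-specific `root`, `upstream`, `external`, `clnt_ca`, `no_crt`, `with_crt`, `redir_to`, `content`). `nginx__upstreams` entries likewise need `name` and `servers`, which nothing here states.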
@@ -0,0 +1,2 @@
+access_log syslog:server=unix:/dev/log,facility=local7,severity=info,tag=nginx;
+error_log syslog:server=unix:/dev/log,facility=local7,severity=error,tag=nginx;
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..da39b0b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: nginx | Restart Nginx
+ systemd:
+ daemon_reload: true
+ name: nginx
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..a95e543
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,26 @@
+---
+allow_duplicates: false
+dependencies: []
+
+galaxy_info:
+ role_name: nginx
+ author: Alex Kotov
+ description: Nginx web server
+ license: MIT
+ min_ansible_version: 2.8
+
+ galaxy_tags:
+ - nginx
+ - web
+ - server
+
+ platforms:
+ - name: Debian
+ versions:
+ - stretch # Debian 9 Stretch
+ - buster # Debian 10 Buster
+ - name: Ubuntu
+ versions:
+ - xenial # Ubuntu 16.04 LTS Xenial Xerus
+ - bionic # Ubuntu 18.04 LTS Bionic Beaver
+ - focal # Ubuntu 20.04 LTS Focal Fossa
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..172a79b
--- /dev/null
+++ b/tasks/install.yml
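Review bot: The `severity=error` parameter on the `error_log` line does not set the log level; per the nginx syslog documentation the severity of error messages is chosen by nginx itself and the parameter is ignored for `error_log`, so this directive runs at the default `error` level and silently drops `warn` and `notice` events. If that level is intended, say so explicitly so a reader does not mistake the syslog parameter for a filter: `error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx error;`. If warnings are wanted (they include client-side TLS and upstream problems worth alerting on), use `warn` as the trailing level instead.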
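Review bot: The only handler is a full `state: restarted`, and every site, upstream and log-config task in tasks/install.yml notifies it, so a syntax error in one rendered site file takes nginx down rather than failing safe. A reload keeps the running configuration when the new one fails to parse and does not drop in-flight connections; consider `state: reloaded` here (keeping `daemon_reload: true`), plus an explicit `command: nginx -t` task before the handler runs so a broken template surfaces as a task failure instead of an outage. A separate restart handler remains appropriate only for unit-file or package changes.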
@@ -0,0 +1,81 @@
+---
+- name: Install Nginx
+ apt:
+ name: nginx
+
+- name: Create directories for Nginx configuration
+ notify: nginx | Restart Nginx
+ file:
+ state: directory
+ path: '{{ item }}'
+ mode: 'u=rwx,go=rx'
+ owner: root
+ group: root
+ with_items:
+ - '{{ nginx__conf_dir }}'
+ - '{{ nginx__confd_dir }}'
+ - '{{ nginx__available_dir }}'
+ - '{{ nginx__enabled_dir }}'
+ - '{{ nginx__snippets_dir }}'
+
+- name: Disable Nginx access log
+ notify: nginx | Restart Nginx
+ lineinfile:
+ path: '{{ nginx__conf_dir }}/nginx.conf'
+ regexp: '^(\s*)#?\s*access_log\s+\S+\s*;\s*$'
+ line: '\1#access_log /var/log/nginx/access.log;'
+ backrefs: true
+
+- name: Disable Nginx error log
+ notify: nginx | Restart Nginx
+ lineinfile:
+ path: '{{ nginx__conf_dir }}/nginx.conf'
+ regexp: '^(\s*)#?\s*error_log\s+\S+\s*;\s*$'
+ line: '\1#error_log /var/log/nginx/error.log;'
+ backrefs: true
+
+- name: Install Nginx log config
+ notify: nginx | Restart Nginx
+ copy:
+ src: 'files/nginx/syslog.conf'
+ dest: '{{ nginx__confd_dir }}/syslog.conf'
+ mode: 'u=rw,go=r'
+ owner: root
+ group: root
+
+- name: Remove Nginx default site
+ notify: nginx | Restart Nginx
+ file:
+ state: absent
+ path: '{{ nginx__enabled_dir }}/default'
+ when: nginx__remove_default|bool
+
+- name: Add Nginx upstreams
+ notify: nginx | Restart Nginx
+ template:
+ src: 'templates/nginx/upstream.conf'
+ dest: '{{ nginx__confd_dir }}/upstream-{{ item.name }}.conf'
+ mode: 'u=rw,go=r'
+ owner: root
+ group: root
+ with_items: '{{ nginx__upstreams }}'
+
+- name: Add Nginx sites
+ notify: nginx | Restart Nginx
+ template:
+ src: 'templates/nginx/{{ item.type }}.conf'
+ dest: '{{ nginx__available_dir }}/{{ item.domain }}.conf'
+ mode: 'u=rw,go=r'
+ owner: root
+ group: root
+ with_items: '{{ nginx__sites }}'
+
+- name: Enable Nginx sites
+ notify: nginx | Restart Nginx
+ file:
+ state: link
+ src: '{{ nginx__available_dir }}/{{ item.domain }}.conf'
+ dest: '{{ nginx__enabled_dir }}/{{ item.domain }}.conf'
+ owner: root
+ group: root
+ with_items: '{{ nginx__sites }}'
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..bd82b09
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- fail:
+ msg: 'Invalid `nginx__state`: {{ nginx__state }}'
+ when: (nginx__state != None) and
+ (nginx__state != 'purge') and
+ (nginx__state != 'remove') and
+ (nginx__state != 'install')
+- include_tasks: purge.yml
+ when: nginx__state == 'purge'
+- include_tasks: remove.yml
+ when: nginx__state == 'remove'
+- include_tasks: install.yml
+ when: nginx__state == 'install'
diff --git a/tasks/purge.yml b/tasks/purge.yml
new file mode 100644
index 0000000..4fe3814
--- /dev/null
+++ b/tasks/purge.yml
@@ -0,0 +1,14 @@
+---
+- name: Purge Nginx
+ apt:
+ state: absent
+ purge: true
+ name:
+ - nginx
+ - nginx-common
+ - nginx-core
+
+- name: Delete Nginx configuration
+ file:
+ state: absent
+ path: '{{ nginx__conf_dir }}'
diff --git a/tasks/remove.yml b/tasks/remove.yml
new file mode 100644
index 0000000..5b59471
--- /dev/null
+++ b/tasks/remove.yml
@@ -0,0 +1,9 @@
+---
+- name: Uninstall Nginx
+ apt:
+ state: absent
+ purge: false
+ name:
+ - nginx
+ - nginx-common
+ - nginx-core
diff --git a/templates/listing.conf b/templates/listing.conf
new file mode 100644
index 0000000..ec93030
--- /dev/null
+++ b/templates/listing.conf
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ item.domain }};
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{ item.domain }};
+
+ ssl_certificate {{ item.cert }};
+ ssl_certificate_key {{ item.key }};
+
+ include {{ item.ssl_conf }};
+
+ root {{ item.root }};
+
+ try_files $uri $uri/ =404;
+
+ charset utf-8;
+ autoindex on;
+}
diff --git a/templates/origin.conf b/templates/origin.conf
new file mode 100644
index 0000000..f891d7e
--- /dev/null
+++ b/templates/origin.conf
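Review bot: The `copy` and `template` tasks look up their sources as `files/nginx/syslog.conf`, `templates/nginx/upstream.conf` and `templates/nginx/{{ item.type }}.conf`, but this commit adds those files at `files/syslog.conf` and `templates/*.conf`, so unless the paths are meant to resolve from a playbook-level directory the role fails on first run with a missing-source error; `src: 'syslog.conf'`, `src: 'upstream.conf'` and `src: '{{ item.type }}.conf'` would match the layout added here. Separately, `item.type` and `item.domain` are spliced unvalidated into both source and destination paths, so a value containing `/` or `..` can select an arbitrary template or write a site file outside `sites-available`; inventory is normally trusted, but a cheap `assert` bounds both. The task below is one such guard, placed before `Add Nginx sites`.
```yaml
- name: Validate Nginx site definitions
  assert:
    that:
      - item.type in ['listing', 'origin', 'proxy', 'raw', 'redirect']
      - item.domain is match('^[A-Za-z0-9.-]+$')
    fail_msg: 'Invalid Nginx site definition: {{ item }}'
  with_items: '{{ nginx__sites }}'
# … unchanged: Add Nginx sites / Enable Nginx sites …
```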
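Review bot: The `fail` task's validity check is four negated comparisons joined with `and`, which has to be kept in sync by hand with the three `include_tasks` conditions that follow; a membership test reads as one line and is the single place to extend when a state is added: `when: nginx__state not in [none, 'purge', 'remove', 'install']`. The task also has no `name:`, so the failure shows up in play output as an anonymous `fail`; `- name: Validate nginx__state` attributes it.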
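Review bot: `Delete Nginx configuration` removes `{{ nginx__conf_dir }}` (`/etc/nginx` per vars/main.yml) recursively, and the site templates take `cert`/`key`/`clnt_ca` paths that operators commonly keep under that tree, so a purge can destroy TLS private keys and CA bundles that were provisioned by something other than this role. Either state that above the task (`# Recursively removes /etc/nginx, including any certificates or keys kept there`) or scope the deletion to the directories this role creates (`nginx__confd_dir`, `nginx__available_dir`, `nginx__enabled_dir`, `nginx__snippets_dir`) and leave the rest of the tree to the package purge.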
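Review bot: `autoindex on` over `{{ item.root }}` with a bare `try_files $uri $uri/ =404;` lists and serves every entry under the root, including dotfiles such as `.git/`, `.htpasswd` or editor backups, which is the classic exposure for a directory-listing vhost. A deny rule is the usual guard and should be added ahead of the listing defaults: `location ~ /\. { return 404; }`. The port-80 block also redirects to `$host`, which reflects the client's Host header whenever this block is the default server for the port; `return 301 https://{{ item.domain }}$request_uri;` pins the target to the configured name.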
@@ -0,0 +1,53 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ item.domain }};
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{ item.domain }};
+
+ ssl_certificate {{ item.cert }};
+ ssl_certificate_key {{ item.key }};
+
+ include {{ item.ssl_conf }};
+
+ root {{ item.root }};
+
+ try_files $uri/index.html $uri @origin;
+
+ location @origin {
+ proxy_cache_bypass $http_upgrade;
+ proxy_http_version 1.1;
+ proxy_redirect off;
+
+{% if item.external %}
+ proxy_set_header Connection "upgrade";
+ proxy_set_header HOST $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+{% else %}
+ proxy_set_header Connection "upgrade";
+ proxy_set_header HOST $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+{% endif %}
+
+ proxy_pass http://{{ item.upstream }};
+ }
+
+ error_page 500 502 503 504 /500.html;
+ client_max_body_size 4G;
+ keepalive_timeout 10;
+}
diff --git a/templates/proxy.conf b/templates/proxy.conf
new file mode 100644
index 0000000..1071fef
--- /dev/null
+++ b/templates/proxy.conf
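Review bot: In the `{% else %}` branch `X-Forwarded-For` is set to `$http_x_forwarded_for`, so the inbound header is forwarded verbatim and `$remote_addr` is never appended; any client that can reach this listener directly (it binds `80`/`443` on all addresses) can therefore present an arbitrary source address to the upstream. `$proxy_add_x_forwarded_for` keeps a chain supplied by a trusted front proxy and appends the peer address: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. Both branches also send `Connection "upgrade"` on every request whether or not an `Upgrade` header is present; the documented pattern is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the http context (a conf.d snippet here) with `proxy_set_header Connection $connection_upgrade;` in this location.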
@@ -0,0 +1,59 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ item.domain }};
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{ item.domain }};
+
+ ssl_certificate {{ item.cert }};
+ ssl_certificate_key {{ item.key }};
+
+ include {{ item.ssl_conf }};
+
+ ssl_verify_client optional;
+ ssl_client_certificate {{ item.clnt_ca }};
+
+ proxy_cache_bypass $http_upgrade;
+ proxy_http_version 1.1;
+ proxy_redirect off;
+
+ proxy_set_header Connection "upgrade";
+ proxy_set_header HOST $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ location / {
+ recursive_error_pages on;
+
+ error_page 418 = @no_crt;
+ error_page 419 = @with_crt;
+
+ if ($ssl_client_verify != SUCCESS) {
+ return 418;
+ }
+
+ if ($ssl_client_verify = SUCCESS) {
+ return 419;
+ }
+ }
+
+ location @no_crt {
+ proxy_pass https://{{ item.no_crt }};
+ }
+
+ location @with_crt {
+ proxy_pass https://{{ item.with_crt }};
+ }
+}
diff --git a/templates/raw.conf b/templates/raw.conf
new file mode 100644
index 0000000..37774b9
--- /dev/null
+++ b/templates/raw.conf
@@ -0,0 +1 @@
+{{ item.content }}
diff --git a/templates/redirect.conf b/templates/redirect.conf
new file mode 100644
index 0000000..52d0a69
--- /dev/null
+++ b/templates/redirect.conf
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ item.domain }};
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{ item.domain }};
+
+ ssl_certificate {{ item.cert }};
+ ssl_certificate_key {{ item.key }};
+
+ include {{ item.ssl_conf }};
+
+ return 301 https://{{ item.redir_to }}$request_uri;
+}
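Review bot: Both `proxy_pass https://{{ item.no_crt }}` and `proxy_pass https://{{ item.with_crt }}` send traffic over TLS without `proxy_ssl_verify on`, and nginx does not verify upstream certificates by default, so the client-certificate decision made in `location /` is forwarded over a hop that accepts any certificate. Add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <ca-bundle>;` and `proxy_ssl_server_name on;` (the CA path would have to come from the site entry, as `clnt_ca` does) so only the intended backends can receive the routed requests. Note also that `@with_crt` is told nothing about who authenticated; `proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;` in that location passes the verified subject, and because `proxy_set_header` replaces any same-named header from the client, the backend can rely on it on this path.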
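Review bot: The port-80 block redirects to `https://$host$request_uri` and only the HTTPS block then redirects to `{{ item.redir_to }}`, so a plain-HTTP visitor takes two hops and, when this vhost is the default server for port 80, the first hop reflects whatever Host header the client sent. Redirecting straight to the final target in both blocks removes the reflection and the extra round-trip: use `return 301 https://{{ item.redir_to }}$request_uri;` in the first server block as well. If `redir_to` may legitimately carry a path or port, say so in a comment on the template, since `$request_uri` is appended verbatim.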
diff --git a/templates/upstream.conf b/templates/upstream.conf
new file mode 100644
index 0000000..bc6e504
--- /dev/null
+++ b/templates/upstream.conf
@@ -0,0 +1,5 @@
+upstream {{ item.name }} {
+{% for server in item.servers %}
+ server {{ server }};
+{% endfor %}
+}
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..a2d2b23
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,6 @@
+---
+nginx__conf_dir: '/etc/nginx'
+nginx__confd_dir: '{{ nginx__conf_dir }}/conf.d'
+nginx__available_dir: '{{ nginx__conf_dir }}/sites-available'
+nginx__enabled_dir: '{{ nginx__conf_dir }}/sites-enabled'
+nginx__snippets_dir: '{{ nginx__conf_dir }}/snippets'