From 91fa6675e46e25d96bbd540ec63816ce020088af Mon Sep 17 00:00:00 2001
From: ionutboangiu
Date: Wed, 28 Jun 2023 10:35:06 -0400
Subject: [PATCH] Implement nginx role
---
data/ansible/roles/nginx/defaults/main.yaml | 2 +
data/ansible/roles/nginx/tasks/main.yaml | 37 +++++++++++++++++
.../roles/nginx/templates/nginx.conf.j2 | 41 +++++++++++++++++++
3 files changed, 80 insertions(+)
create mode 100644 data/ansible/roles/nginx/defaults/main.yaml
create mode 100644 data/ansible/roles/nginx/tasks/main.yaml
create mode 100644 data/ansible/roles/nginx/templates/nginx.conf.j2
diff --git a/data/ansible/roles/nginx/defaults/main.yaml b/data/ansible/roles/nginx/defaults/main.yaml
new file mode 100644
index 000000000..c2e8a1173
--- /dev/null
+++ b/data/ansible/roles/nginx/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+nginx_server_name: apt.cgrates.org
diff --git a/data/ansible/roles/nginx/tasks/main.yaml b/data/ansible/roles/nginx/tasks/main.yaml
new file mode 100644
index 000000000..977667f16
--- /dev/null
+++ b/data/ansible/roles/nginx/tasks/main.yaml
@@ -0,0 +1,37 @@
+---
+- name: Add apt.cgrates.vhost in nginx
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
+ mode: '0600'
+ owner: root
+ register: nginx_config
+
+- name: Create a symlink for apt.cgrates.org
+ file:
+ src: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
+ dest: "/etc/nginx/sites-enabled/{{ nginx_server_name }}.vhost"
+ state: link
+
+- name: Reload nginx configuration
+ ansible.builtin.systemd:
+ name: nginx
+ state: reloaded
+ become: true
+ when: nginx_config.changed
+
+- name: Ensure nginx is started and enabled to start at boot
+ ansible.builtin.systemd:
+ name: nginx
+ state: started
+ enabled: yes
+ become: true
+
+# - name: Test Nginx configuration
+# command: nginx -t
+# register: result
+# ignore_errors: true
+
+# - name: Report test results
+# debug:
+# msg: "{{ result.stdout }}"
\ No newline at end of file
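Review bot: The reload task in tasks/main.yaml runs with no configuration test in front of it; the only `nginx -t` step is commented out and, as written, carries `ignore_errors: true`, so even if enabled it would not stop the play on a bad render. That matters here because the template in this patch is a complete nginx.conf (`user`, `events`, `http`) written under sites-available, and if the host's main nginx.conf includes sites-enabled inside its own `http` block (not visible in this patch) nginx will reject those directives. I would add a validation task ahead of the reload that fails the play on error, as below. The reload is also gated only on `nginx_config.changed`, so a newly created symlink alone does not trigger it; registering the `file` task and using `when: nginx_config.changed or nginx_symlink.changed` would cover that case.

```yaml
# … unchanged: template and symlink tasks …

- name: Validate nginx configuration before reloading
  ansible.builtin.command: nginx -t
  changed_when: false
  become: true

# … unchanged: reload and start/enable tasks …
```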
diff --git a/data/ansible/roles/nginx/templates/nginx.conf.j2 b/data/ansible/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 000000000..c45a6a41f
--- /dev/null
+++ b/data/ansible/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,41 @@
+user nginx nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server {
+ listen 80;
+ autoindex_localtime on;
+ server_name {{ nginx_server_name }};
+
+ access_log /var/log/nginx/packages-error.log;
+ error_log /var/log/nginx/packages-error.log;
+
+ root /var/packages;
+
+ add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ location / {
+ index index.html;
+ autoindex on;
+ }
+
+ location ~ /(.*)/conf {
+ deny all;
+ }
+
+ location ~ /(.*)/db {
+ deny all;
+ }
+ }
+}
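Review bot: The `Strict-Transport-Security` header is set on a server whose only listener is `listen 80;`, and browsers ignore HSTS received over plain HTTP, so it gives no protection as written and the package repository is still served without TLS. Either add a TLS server block (`listen 443 ssl;` with the certificate directives) and keep port 80 as a redirect, or drop the header so the config does not imply a guarantee it does not provide. Separately, `access_log` points at `/var/log/nginx/packages-error.log`, the same file as `error_log`, which looks like a typo for a dedicated access log and will interleave two formats in one file. The `conf` and `db` deny rules are unanchored regexes that need a leading path segment, so they also match longer names beginning with `conf` or `db` and do not cover a top-level directory; if the intent is to block those directories at any depth, `location ~ /(conf|db)(/|$) { deny all; }` states it exactly.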