From 51d3e68b57b842cd63f863b32359e82201307c3d Mon Sep 17 00:00:00 2001
From: VC
Date: Sat, 5 Apr 2025 14:13:33 +0200
Subject: [PATCH] test: not to be merged
---
 inventory/host_vars/web3.yml | 16 +-----------
 roles/nginx/tasks/letsencrypt.yml | 25 +++++++++++++++++++
 roles/nginx/tasks/main.yml | 7 ++++++
 .../vhosts/tamerelol.giteu.be.conf.j2 | 19 ++++++++++++++
 4 files changed, 52 insertions(+), 15 deletions(-)
 create mode 100644 roles/nginx/tasks/letsencrypt.yml
 create mode 100644 roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2
diff --git a/inventory/host_vars/web3.yml b/inventory/host_vars/web3.yml
index 310929b..af4b2c1 100644
--- a/inventory/host_vars/web3.yml
+++ b/inventory/host_vars/web3.yml
@@ -1,17 +1,3 @@
 ---
-php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
-
 web_hostname:
- - host: sebicomics.com
- - host: www.sebicomics.com
-
-mariadb_root_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 66613630653961396639336136333837343866646263353135303233383336356166663466623438
- 6438653832313536363631336363306337366165616561370a316466353535313164623934626563
- 65343238333661333765636131323962316637613036393366343161343162393337376232633432
- 3233653232353534370a393962663766623237313166333638343561306134663062333230333635
- 63343339363833626136646134353365393734346561613262633531386135366634
-
-# 283M of base memory + 20MB/connection -> 1267M of RAM max
-mariadb_max_connections: 50
+ - host: tamerelol.giteu.be
diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml
new file mode 100644
index 0000000..81c4b49
--- /dev/null
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Generate certificate
+ ansible.builtin.command:
+ cmd: "/etc/x509/acme.sh --issue --domain {{ item.host }} --webroot {{ nginx_letsencrypt_dir }}"
+ creates: "/etc/x509/{{ item.host }}*"
+ environment:
+ LE_WORKING_DIR: /etc/x509
+
+- name: Get ecc certificate dir
+ ansible.builtin.stat:
+ path: "/etc/x509/{{ item.host }}_ecc/"
+ register: _nginx_x509_ecc_current_dir
+
+- name: Move ecc certificate
+ ansible.builtin.copy:
+ remote_src: true
+ src: "/etc/x509/{{ item.host }}_ecc/"
+ dest: "/etc/x509/{{ item.host }}/"
+ when: _nginx_x509_ecc_current_dir.stat.exists
+
+- name: Remove ecc certificate
+ ansible.builtin.file:
+ path: "/etc/x509/{{ item.host }}_ecc"
+ state: absent
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index e94d40c..77e8c79 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -41,5 +41,12 @@
 mode: 'u+rwx,g+rs,o-rwx'
 state: directory
 
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+
+- name: Handle letsencrypt cert
+ ansible.builtin.include_tasks: letsencrypt.yml
+ loop: "{{ web_hostname }}"
+
 - name: Include vhosts
 ansible.builtin.include_tasks: vhosts.yml
diff --git a/roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2 b/roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2
new file mode 100644
index 0000000..f784b84
--- /dev/null
+++ b/roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2
@@ -0,0 +1,19 @@
+server {
+{% include './templates/header.conf.j2' %}
+
+ root /srv/http/analyse.nintendojo.fr/;
+ index index.html index.htm index.php;
+
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+ expires 2w;
+ log_not_found off;
+ }
+
+ location ~ \.htaccess$ {
+ deny all;
+ }
+
+ location ~ ^/tmp {
+ deny all;
+ }
+}
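Review bot: In roles/nginx/tasks/letsencrypt.yml the `Move ecc certificate` task copies the `_ecc` directory, which presumably holds the private key, without `owner`, `group` or `mode`, so the key's permissions under `/etc/x509/{{ item.host }}/` are left to whatever the module applies by default. I would state them on the task, for example `mode: 'u=rw,go='` and `directory_mode: 'u=rwx,go='`, adjusted to the account nginx reads the key as. Separately, `creates: "/etc/x509/{{ item.host }}*"` is a prefix glob: any existing path that merely starts with the host name skips issuance, and once the directory has been moved to `/etc/x509/{{ item.host }}/` the task never runs again, so renewal has to be handled elsewhere (nothing in this hunk does it).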
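Review bot: In roles/nginx/tasks/main.yml, `loop: "{{ web_hostname }}"` fails the role on any host that does not define `web_hostname`; `loop: "{{ web_hostname | default([]) }}"` would skip the include there instead. The included file also reads the implicit `item`, so a `loop_control` with an explicit `loop_var` (and the same name used in letsencrypt.yml) would keep it from colliding with a loop added inside that file later. The certificate tasks run before `Include vhosts`, so the webroot challenge appears to depend on whatever configuration the flushed handlers leave nginx with; a one-line comment above `Flush handlers` saying so would help. The hunk opens inside a task that starts above it.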
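Review bot: In tamerelol.giteu.be.conf.j2 the `location ~ ^/tmp` deny comes after the static-asset regex, and nginx uses the first regex location that matches, so a request such as `/tmp/x.js` is handled by the asset block and never reaches the deny. Writing it as a prefix location that suppresses regex matching, `location ^~ /tmp { deny all; }`, closes that regardless of order. `index` lists `index.php` but no PHP handler is visible in this hunk; unless `header.conf.j2` provides one, `.php` files under the root would be returned as plain files. The `root` also points at `/srv/http/analyse.nintendojo.fr/` rather than a directory named for this vhost, which may be deliberate for the test.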