From 20cb480915bd81babba5d9922250159ecbd5ad33 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sun, 16 Jul 2023 18:58:33 +0200
Subject: [PATCH 1/2] feat(vouch-proxy): add ansible role for vouch-proxy
---
roles/vouch-proxy/defaults/main.yml | 51 +++++++++++++++++++++++++++++
roles/vouch-proxy/handlers/main.yml | 8 +++++
roles/vouch-proxy/tasks/main.yml | 50 ++++++++++++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 roles/vouch-proxy/defaults/main.yml
create mode 100644 roles/vouch-proxy/handlers/main.yml
create mode 100644 roles/vouch-proxy/tasks/main.yml
diff --git a/roles/vouch-proxy/defaults/main.yml b/roles/vouch-proxy/defaults/main.yml
new file mode 100644
index 0000000..bbf5089
--- /dev/null
+++ b/roles/vouch-proxy/defaults/main.yml
@@ -0,0 +1,51 @@
+---
+
+vouch_proxy_user: vouch-proxy
+vouch_proxy_version: 0.39.0
+vouch_proxy_base_path: /opt/vouch-proxy
+vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config"
+vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml"
+
+vouch_proxy_container_name: vouch-proxy
+vouch_proxy_container_image_name: vouch-proxy
+vouch_proxy_container_image_namespace: vouch/
+vouch_proxy_container_image_registry: quay.io
+
+vouch_proxy_container_image_repository: >-
+ {{
+ (container_registries[vouch_proxy_container_image_registry] | default(vouch_proxy_container_image_registry))
+ + '/' + (vouch_proxy_container_image_namespace | default(''))
+ + vouch_proxy_container_image_name
+ }}
+vouch_proxy_container_image_reference: >-
+ {{
+ vouch_proxy_container_image_repository + ':'
+ + (vouch_proxy_container_image_tag | default(vouch_proxy_version))
+ }}
+
+vouch_proxy_container_image_force_pull: "{{ vouch_proxy_container_image_tag is defined }}"
+
+vouch_proxy_container_default_volumes:
+ - "{{ vouch_proxy_config_file }}:/config/config.yaml:ro"
+vouch_proxy_container_volumes: >-
+ {{ vouch_proxy_container_default_volumes
+ + vouch_proxy_container_extra_volumes | default([]) }}
+vouch_proxy_container_restart_policy: "unless-stopped"
+
+vouch_proxy_config_vouch_log_level: info
+vouch_proxy_config_vouch_listen: 0.0.0.0
+vouch_proxy_config_vouch_port: 9090
+vouch_proxy_config_vouch_domains: []
+vouch_proxy_config_vouch_document_root: ~
+
+vouch_proxy_oauth_config: {}
+vouch_proxy_vouch_config:
+ logLevel: "{{ vouch_proxy_config_vouch_log_level }}"
+ listen: "{{ vouch_proxy_config_vouch_listen }}"
+ port: "{{ vouch_proxy_config_vouch_port }}"
+ domains: "{{ vouch_proxy_config_vouch_domains }}"
+ document_root: "{{ vouch_proxy_config_vouch_document_root }}"
+
+vouch_proxy_config:
+ vouch: "{{ vouch_proxy_vouch_config }}"
+ oauth: "{{ vouch_proxy_oauth_config }}"
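Review bot: `vouch_proxy_container_image_reference` always resolves to `repository:tag`, and a registry tag can be repointed upstream, so the image that runs as the authentication proxy can change without any change in this repository. Nothing in the file says how to pin an exact image; as written, the only route is to override the whole reference variable. I would document that above the variable, e.g. `# Override with '<repository>@sha256:<digest>' to pin the exact image; tags can be repointed upstream.` Note also that `vouch_proxy_container_image_force_pull` becomes true as soon as `vouch_proxy_container_image_tag` is set, which re-pulls that tag on every run.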
diff --git a/roles/vouch-proxy/handlers/main.yml b/roles/vouch-proxy/handlers/main.yml
new file mode 100644
index 0000000..c09726d
--- /dev/null
+++ b/roles/vouch-proxy/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Ensure vouch-proxy was restarted
+ community.docker.docker_container:
+ name: "{{ vouch_proxy_container_name }}"
+ state: started
+ restart: yes
+ listen: restart-vouch-proxy
diff --git a/roles/vouch-proxy/tasks/main.yml b/roles/vouch-proxy/tasks/main.yml
new file mode 100644
index 0000000..4584520
--- /dev/null
+++ b/roles/vouch-proxy/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+
+- name: Ensure vouch-proxy user '{{ vouch_proxy_user }}' exists
+ ansible.builtin.user:
+ name: "{{ vouch_proxy_user }}"
+ state: present
+ system: true
+ register: vouch_proxy_user_info
+
+- name: Ensure mounts are created
+ ansible.builtin.file:
+ dest: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner | default(vouch_proxy_user_info.uid | default(vouch_proxy_user)) }}"
+ group: "{{ item.owner | default(vouch_proxy_user_info.group | default(vouch_proxy_user)) }}"
+ mode: "{{ item.mode | default('0755') }}"
+ loop:
+ - path: "{{ vouch_proxy_base_path }}"
+ - path: "{{ vouch_proxy_config_path }}"
+
+- name: Ensure config file is templated
+ ansible.builtin.copy:
+ dest: "{{ vouch_proxy_config_file }}"
+ content: "{{ vouch_proxy_config | to_nice_yaml }}"
+ owner: "{{ vouch_proxy_user_info.uid | default(vouch_proxy_user) }}"
+ group: "{{ vouch_proxy_user_info.group | default(vouch_proxy_user) }}"
+ mode: "0640"
+ notify:
+ - restart-vouch-proxy
+
+- name: Ensure container image is present on host
+ community.docker.docker_image:
+ name: "{{ vouch_proxy_container_image_reference }}"
+ state: present
+ source: pull
+ force_source: "{{ vouch_proxy_container_image_force_pull | bool }}"
+
+- name: Ensure container '{{ vouch_proxy_container_name }}' is running
+ community.docker.docker_container:
+ name: "{{ vouch_proxy_container_name }}"
+ image: "{{ vouch_proxy_container_image_reference }}"
+ env: "{{ vouch_proxy_container_env | default(omit) }}"
+ user: "{{ vouch_proxy_user_info.uid | default(vouch_proxy_user) }}"
+ ports: "{{ vouch_proxy_container_ports | default(omit) }}"
+ volumes: "{{ vouch_proxy_container_volumes | default(omit) }}"
+ networks: "{{ vouch_proxy_container_networks | default(omit) }}"
+ purge_networks: "{{ vouch_proxy_container_purge_networks | default(omit) }}"
+ etc_hosts: "{{ vouch_proxy_container_etc_hosts | default(omit) }}"
+ restart_policy: "{{ vouch_proxy_container_restart_policy }}"
+ state: started
-- 
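Review bot: In the task `Ensure mounts are created`, the `group:` line reads `item.owner` where it should read `item.group`, so a loop entry that overrides `owner` has that value applied as the group too, and a per-item `group` key is never honoured; it should be `group: "{{ item.group | default(vouch_proxy_user_info.group | default(vouch_proxy_user)) }}"`. Separately, `Ensure config file is templated` renders `vouch_proxy_config`, which presumably carries the OAuth client secret through `vouch_proxy_oauth_config`; when the play runs with `--diff`, the rendered content is printed to the run output. Adding `no_log: true` (or `diff: false`) to that task keeps the secret out of logs and CI output.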
2.45.2
From cd31d8b6afdd4f7e793fb04ca5bad6bbef8c2a76 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sun, 16 Jul 2023 19:01:55 +0200
Subject: [PATCH 2/2] feat(nginx): add ansible role
---
roles/nginx/defaults/main.yml | 33 +++++++++++++++++++++++++++++++
roles/nginx/handlers/main.yml | 8 ++++++++
roles/nginx/tasks/main.yml | 37 +++++++++++++++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 roles/nginx/defaults/main.yml
create mode 100644 roles/nginx/handlers/main.yml
create mode 100644 roles/nginx/tasks/main.yml
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..1c7ef7e
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,33 @@
+---
+
+nginx_version: "1.25.1"
+nginx_flavour: alpine
+nginx_base_path: /opt/nginx
+nginx_config_file: "{{ nginx_base_path }}/nginx.conf"
+
+nginx_container_name: nginx
+nginx_container_image_reference: >-
+ {{
+ nginx_container_image_repository
+ + ':' + (nginx_container_image_tag
+ | default(nginx_version
+ + (('-' + nginx_flavour) if nginx_flavour is defined else ''), true))
+ }}
+nginx_container_image_repository: >-
+ {{
+ (
+ container_registries[nginx_container_image_registry]
+ | default(nginx_container_image_registry)
+ )
+ + '/'
+ + nginx_container_image_namespace | default('')
+ + nginx_container_image_name
+ }}
+nginx_container_image_registry: "docker.io"
+nginx_container_image_name: "nginx"
+nginx_container_image_tag: ~
+
+nginx_container_restart_policy: "unless-stopped"
+nginx_container_volumes:
+ - "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro"
+
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..1ad5e3c
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Ensure nginx container '{{ nginx_container_name }}' is restarted
+ community.docker.docker_container:
+ name: "{{ nginx_container_name }}"
+ state: started
+ restart: true
+ listen: restart-nginx
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..6a5b98d
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Ensure base path '{{ nginx_base_path }}' exists
+ ansible.builtin.file:
+ path: "{{ nginx_base_path }}"
+ state: directory
+ mode: 0755
+
+- name: Ensure nginx config file is templated
+ ansible.builtin.copy:
+ dest: "{{ nginx_config_file }}"
+ content: "{{ nginx_config }}"
+ mode: 0640
+ notify:
+ - restart-nginx
+
+- name: Ensure docker container image is present
+ community.docker.docker_image:
+ name: "{{ nginx_container_image_reference }}"
+ state: present
+ source: pull
+ force_source: "{{ nginx_container_image_tag is defined and nginx_container_image_tag | string != '' }}"
+
+- name: Ensure docker container '{{ nginx_container_name }}' is running
+ community.docker.docker_container:
+ name: "{{ nginx_container_name }}"
+ image: "{{ nginx_container_image_reference }}"
+ env: "{{ nginx_container_env | default(omit, true) }}"
+ user: "{{ nginx_container_user | default(omit, true) }}"
+ ports: "{{ nginx_container_ports | default(omit, true) }}"
+ labels: "{{ nginx_container_labels | default(omit, true) }}"
+ volumes: "{{ nginx_container_volumes | default(omit, true) }}"
+ etc_hosts: "{{ nginx_container_etc_hosts | default(omit, true) }}"
+ networks: "{{ nginx_container_networks | default(omit, true) }}"
+ purge_networks: "{{ nginx_container_purge_networks | default(omit, true) }}"
+ restart_policy: "{{ nginx_container_restart_policy }}"
+ state: started
-- 
2.45.2
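Review bot: The `force_source` expression in `Ensure docker container image is present` appears to be true under the role's own defaults: `nginx_container_image_tag` defaults to `~`, which counts as defined, and a null passed through `| string` is not the empty string (it most likely renders as `None`). Every run would then re-pull the mutable version-plus-flavour tag, not only when a tag override is supplied, so the running image can change between otherwise identical runs. Testing for a non-empty value avoids this: `force_source: "{{ nginx_container_image_tag | default('', true) | string | length > 0 }}"`. In the same file, the config task sets `mode: 0640` with no `owner`/`group`, and both modes are unquoted, unlike the quoted `"0640"` in the vouch-proxy role; quoting them and stating the owner would make the resulting permissions explicit.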