~xenrox/ansible: nginx: Configure templated snippets

bb988dd35468ac463dff5287f0b7d4cc80db24b1 — Thorben Günther 1 year, 10 months ago 52af729

nginx: Configure templated snippets

For now only a config that allows internal access to critical parts of a
page. In this case that means the server itself and the VPN subnet.

patch browse .tar.gz

2 files changed, 16 insertions(+), 0 deletions(-)

M roles/nginx/tasks/main.yml
A roles/nginx/templates/internal_access.conf.j2

M roles/nginx/tasks/main.yml => roles/nginx/tasks/main.yml +11 -0

@@ 31,6 31,17 @@
   with_fileglob: files/snippets/*
   notify: restart nginx
 
+- name: Copy templated snippets
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/etc/nginx/snippets/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  with_items:
+    - internal_access.conf
+  notify: restart nginx
+
 - name: create nginx.d directory
   ansible.builtin.file:
     state: directory

A roles/nginx/templates/internal_access.conf.j2 => roles/nginx/templates/internal_access.conf.j2 +5 -0

@@ 0,0 1,5 @@
+allow 127.0.0.1;
+allow {{ ipv4_address }};
+allow {{ ipv6_address }};
+allow {{ wireguard_vpn_subnet }};
+deny all;