add ansible

.ansible/.downloaded_roles/hispanico.nginx-revproxy/.travis.yml

@@ -0,0 +1,46 @@
+---
+language: python
+python: "2.7"
+
+sudo: required
+dist: xenial
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+  # Run the role/playbook with ansible-playbook
+  - ansible-playbook tests/test.yml -i tests/inventory --connection=local --become
+
+  # Run the role/playbook again, checking to make sure it's idempotent
+  - >
+    ansible-playbook tests/test.yml -i tests/inventory --connection=local --become
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+  # Check for role is done
+  - sudo service nginx status
+  - sudo netstat -ntulp |grep nginx
+  - sudo ls /etc/nginx/sites-enabled/
+  - for i in $(sudo ls /etc/nginx/sites-enabled/); do echo $i;echo "------------------------------"; sudo cat /etc/nginx/sites-enabled/$i; echo "------------------------------";echo ""; done
+
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.ansible/.downloaded_roles/hispanico.nginx-revproxy/README.md

@@ -0,0 +1,90 @@
+ansible-nginx-revproxy
+=========
+
+[![Build Status](https://img.shields.io/travis/hispanico/ansible-nginx-revproxy.svg?style=flat-square)](https://travis-ci.org/hispanico/ansible-nginx-revproxy)
+[![Galaxy](https://img.shields.io/badge/galaxy-hispanico.nginx--revproxy-blue.svg?style=flat-square)](https://galaxy.ansible.com/hispanico/nginx-revproxy/)
+
+Install and configures Nginx as reverse proxy for multiple website.
+
+Requirements
+------------
+
+This role requires Ansible 2.4 or higher.
+
+Role Variables
+--------------
+
+Default values:
+
+```yaml
+nginx_revproxy_sites:                                         # List of sites to reverse proxy
+  default:                                                    # Set defualt site to return 444 (Connection Closed Without Response)
+    ssl: false                                                # Set to True if you want to redirect http to https
+    letsencrypt: false
+
+  example.com:                                                # Domain name
+    domains:                                                  # List of server_name aliases
+      - example.com
+      - www.example.com
+    upstreams:                                                # List of Upstreams
+      - { backend_address: 192.168.0.100, backend_port: 80 }
+      - { backend_address: 192.168.0.101, backend_port: 8080 }
+    auth:                                                     # Define this block for a single HTTP user/password, or leave undefined for unauthenticated vhosts
+      login: myusername
+      password: mysecretpassword
+    listen: 9000                                              # Specify which port you want to listen to with clear HTTP, or leave undefined for 80
+    ssl: false                                                # Set to True if you want to redirect http to https
+    letsencrypt: false                                        # Set to True if you are using hispanico.letsencrypt-nginx-revproxy role
+
+  example.org:                                                # Domain name
+    domains:                                                  # List of server_name aliases
+      - example.org
+      - www.example.org
+    upstreams:                                                # List of Upstreams
+      - { backend_address: 192.168.0.200, backend_port: 80 }
+      - { backend_address: 192.168.0.201, backend_port: 8080 }
+    listen: 9000                                              # Specify which port you want to listen to with clear HTTP, or leave undefined for 80
+    listen_ssl: 9001                                          # Specify which port you want to listen to with HTTPS, or leave undefined for 443
+    ssl: true                                                 # Set to True if you want to redirect http to https
+    letsencrypt: false                                        # Set to True if you want use letsencrypt
+    letsencrypt_email: ""                                     # Set email for letencrypt cert
+```
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+```yaml
+  - hosts: all
+    roles:
+      - ansible-nginx-revproxy
+    vars:
+      nginx_revproxy_sites:
+        default:
+          ssl: false
+          letsencrypt: false
+
+        example.com:
+          domains:
+            - example.com
+            - www.example.com
+          upstreams:
+            - { backend_address: 192.168.0.100, backend_port: 80 }
+            - { backend_address: 192.168.0.101, backend_port: 80 }
+          ssl: true
+          letsencrypt: false
+```
+
+License
+-------
+
+Licensed under the GPLv3 License. See the LICENSE file for details.
+
+Author Information
+------------------
+
+Hispanico

.ansible/.downloaded_roles/hispanico.nginx-revproxy/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+
+nginx_revproxy_sites:                                         # List of sites to reverse proxy
+  example.com:                                                # Domain name
+    domains:                                                  # List of server_name aliases
+      - example.com
+      - www.example.com
+    upstreams:                                                # List of Upstreams
+      - { backend_address: 192.168.0.100, backend_port: 80 }
+      - { backend_address: 192.168.0.101, backend_port: 8080 }
+    ssl: true                                                 # Set to True if you want to redirect http to https
+    hsts_max_age: 63072000                                    # Set HSTS header with max-age defined
+    letsencrypt: false                                        # Set to True if you want use letsencrypt
+    letsencrypt_email: ""                                     # Set email for letencrypt cert

.ansible/.downloaded_roles/hispanico.nginx-revproxy/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Start Nginx
+  service:
+    name: nginx
+    state: started
+
+- name: Reload Nginx
+  service:
+    name: nginx
+    state: reloaded
+
+- name: Restart Nginx
+  service:
+    name: nginx
+    state: restarted

.ansible/.downloaded_roles/hispanico.nginx-revproxy/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Sat Oct 19 07:58:59 2019
+version: v1.1.4

.ansible/.downloaded_roles/hispanico.nginx-revproxy/meta/main.yml

@@ -0,0 +1,23 @@
+galaxy_info:
+  author: Hispanico
+  description: Manage Nginx as Reverse Proxy
+  license: GPLv3
+
+  min_ansible_version: 2.4
+
+  platforms:
+  - name: Ubuntu
+    versions:
+    - trusty
+    - xenial
+
+  galaxy_tags:
+  - development
+  - web
+  - nginx
+  - reverse
+  - proxy
+  - load
+  - balancer
+
+dependencies: []

.ansible/.downloaded_roles/hispanico.nginx-revproxy/tasks/letsencrypt.yml

@@ -0,0 +1,97 @@
+---
+- name: Install certbot
+  get_url:
+    url: https://dl.eff.org/certbot-auto
+    dest: /usr/bin/certbot-auto
+    mode: "a+x"
+  tags:
+    - lesencrypt
+    - nginxrevproxy
+
+- name: Get Active Sites
+  command: ls -1 /etc/nginx/sites-enabled/
+  changed_when: "active.stdout_lines != nginx_revproxy_sites.keys()|sort()"
+  check_mode: no
+  register: active
+  tags:
+    - lesencrypt
+    - nginxrevproxy
+
+- name: Enable sites for ACME protocol
+  block:
+    - name: Add Https Site Config
+      template:
+        src: reverseproxy_ssl.conf.j2
+        dest: /etc/nginx/sites-available/{{ item.key }}.conf
+        owner: root
+        group: root
+      with_dict: "{{ nginx_revproxy_sites }}"
+      register: siteconfig
+      when:
+        - item.value.letsencrypt | default(False)
+        - item.key not in active.stdout_lines
+
+    - name: Enable Site Config
+      file:
+        src: /etc/nginx/sites-available/{{ item.key }}.conf
+        dest: /etc/nginx/sites-enabled/{{ item.key }}
+        state: link
+      with_dict: "{{ nginx_revproxy_sites }}"
+      register: site_enabled
+      when:
+        - siteconfig is success
+        - not ansible_check_mode
+        - item.value.letsencrypt | default(False)
+        - item.key not in active.stdout_lines
+
+    - name: Reload Nginx
+      service:
+        name: nginx
+        state: reloaded
+      when:
+        - site_enabled is success
+  when:
+    - active.changed
+    - nginxinstalled is success
+  tags:
+    - lesencrypt
+    - nginxrevproxy
+
+- name: Generate certs (first time)
+  command: |
+    certbot-auto certonly
+    --webroot -w /var/www/{{ item.key }}
+    -d {{ item.value.domains | join(' -d ') }}
+    --email {{ item.value.letsencrypt_email }}
+    --non-interactive --cert-name {{ item.key }}
+    --agree-tos creates=/etc/letsencrypt/live/{{ item.key }}/fullchain.pem
+  with_dict: "{{ nginx_revproxy_sites }}"
+  when: item.value.letsencrypt | default(False)
+  tags:
+    - lesencrypt
+    - nginxrevproxy
+
+- name: Update Site Config
+  template:
+    src: reverseproxy_ssl_letsencrypt.conf.j2
+    dest: /etc/nginx/sites-available/{{ item.key }}.conf
+    owner: root
+    group: root
+  with_dict: "{{ nginx_revproxy_sites }}"
+  notify: Reload Nginx
+  when:
+    - item.value.letsencrypt | default(False)
+  tags:
+    - lesencrypt
+    - nginxrevproxy
+
+- name: Insert cert-bot renew in crontab
+  cron:
+    name: "cert-bot renew"
+    job: 'certbot-auto renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-update.log 2>&1'
+    hour: "3"
+    minute: "30"
+    weekday: "1"
+  tags:
+    - lesencrypt
+    - nginxrevproxy