add httpd and other fun stuff

2022-06-03 19:33:48 -07:00 · 2022-06-03 19:33:48 -07:00 · 2d6d4a125c
commit 2d6d4a125c
parent 10e220d550
4 changed files with 73 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -4,4 +4,14 @@
  service:
    name: gitea
    state: restarted
+
+- name: restart_httpd
+  service:
+    name: httpd
+    state: restarted
+
+- name: restart_nginx
+  service:
+    name: nginx
+    state: restarted
 ...
--- a/tasks/gitea/install.yml
+++ b/tasks/gitea/install.yml
@ -30,6 +30,36 @@
 #   - gitea_web_install == "caddy"
 #   - gitea_web_config|bool

+- name: "Install httpd"
+  dnf:
+    name: httpd
+    state: present
+  when:
+    - gitea_web_install == "httpd"
+    - gitea_web_config|bool
+
+- name: "Start and enable httpd"
+  ansible.builtin.systemd:
+    name: httpd.service
+    enabled: true
+    state: started
+  when:
+    - gitea_web_install == "httpd"
+    - gitea_web_config|bool
+
+- name: "Deploy httpd"
+  ansible.builtin.template:
+    src: etc/httpd/conf.d/gitea.conf.j2
+    dest: /etc/httpd/conf.d/gitea.conf
+    owner: root
+    group: root
+    mode: '0644'
+  when:
+    - gitea_web_install == "httpd"
+    - gitea_web_config|bool
+  notify:
+    - restart_httpd
+
 # Setup CSS Themes
 - name:
  ansible.builtin.file:
--- a/templates/etc/httpd/conf.d/gitea.conf.j2
+++ b/templates/etc/httpd/conf.d/gitea.conf.j2
@ -0,0 +1,30 @@
+<VirtualHost *:80>
+  ServerName {{ gitea_basename }}
+  ServerAlias {{ gitea_basename }}
+  ProxyPreserveHost On
+  ProxyRequests Off
+  AllowEncodedSlashes NoDecode
+  ProxyPass / http://localhost:3000/ nocanon
+  ProxyPassReverse / http://localhost:3000/ nocanon
+  ServerAdmin {{ gitea_server_admin }}
+</VirtualHost>
+
+<VirtualHost *:443>
+  Protocols h2 http/1.1
+  SSLEngine On
+  ServerName {{ gitea_basename }}
+  ServerAlias {{ gitea_basename }}
+  ProxyPreserveHost On
+  ProxyRequests Off
+  AllowEncodedSlashes NoDecode
+  ProxyPass / http://localhost:3000/ nocanon
+  ProxyPassReverse / http://localhost:3000/ nocanon
+
+  SSLEngine on
+  SSLHonorCipherOrder on
+  SSLCipherSuite PROFILE=SYSTEM
+  SSLProxyCipherSuite PROFILE=SYSTEM
+  SSLCertificateFile /etc/pki/tls/certs/{{ gitea_basename }}.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/{{ gitea_basename }}.key
+  ServerAdmin {{ gitea_server_admin }}
+</VirtualHost>
--- a/vars/common.yml
+++ b/vars/common.yml
@ -7,6 +7,9 @@ gitea_web_config_certs_external: "false"
 gitea_themes: "auto,gitea,arc-green,gitea-blue,gitea-modern,carbonred,darkred,pitchblack"
 gitea_basename: "git.resf.org"
 gitea_automation_user: "rockyautomation"
+gitea_raise_memlock_nofile_limits: "true"
+gitea_net_cap: "true"
+gitea_server_admin: "infrastructure@rockylinux.org"

 # Certs issued by FreeIPA Only
 ipa_getcert_requested_hostnames: