From 2d6d4a125c8bbed2959be05d976241d8e97cbc95 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Fri, 3 Jun 2022 19:33:48 -0700
Subject: [PATCH] add httpd and other fun stuff
---
 handlers/main.yml | 10 ++++++++
 tasks/gitea/install.yml | 30 ++++++++++++++++++++++++
 templates/etc/httpd/conf.d/gitea.conf.j2 | 30 ++++++++++++++++++++++++
 vars/common.yml | 3 +++
 4 files changed, 73 insertions(+)
 create mode 100644 templates/etc/httpd/conf.d/gitea.conf.j2
diff --git a/handlers/main.yml b/handlers/main.yml
index cf33e55..d10821b 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,4 +4,14 @@
 service:
 name: gitea
 state: restarted
+
+- name: restart_httpd
+ service:
+ name: httpd
+ state: restarted
+
+- name: restart_nginx
+ service:
+ name: nginx
+ state: restarted
 ...
diff --git a/tasks/gitea/install.yml b/tasks/gitea/install.yml
index 58a1d8b..1aa27aa 100644
--- a/tasks/gitea/install.yml
+++ b/tasks/gitea/install.yml
@@ -30,6 +30,36 @@
 # - gitea_web_install == "caddy"
 # - gitea_web_config|bool
+- name: "Install httpd"
+ dnf:
+ name: httpd
+ state: present
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+
+- name: "Start and enable httpd"
+ ansible.builtin.systemd:
+ name: httpd.service
+ enabled: true
+ state: started
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+
+- name: "Deploy httpd"
+ ansible.builtin.template:
+ src: etc/httpd/conf.d/gitea.conf.j2
+ dest: /etc/httpd/conf.d/gitea.conf
+ owner: root
+ group: root
+ mode: '0644'
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+ notify:
+ - restart_httpd
+
 # Setup CSS Themes
 - name:
 ansible.builtin.file:
diff --git a/templates/etc/httpd/conf.d/gitea.conf.j2 b/templates/etc/httpd/conf.d/gitea.conf.j2
new file mode 100644
index 0000000..e966ee8
--- /dev/null
+++ b/templates/etc/httpd/conf.d/gitea.conf.j2
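Review bot: Both new handlers in handlers/main.yml use `state: restarted`, so a rendered config that fails to parse leaves httpd stopped rather than still serving the previous config. For a change confined to conf.d, `state: reloaded` is normally enough and does not cut off in-flight clones and pushes, though the reload behaviour of the unit on the target release should be confirmed. `restart_nginx` is not notified by anything in this patch, so it stays unused until an nginx task exists. The handlers also use the short `service:` name while the new tasks in tasks/gitea/install.yml use `ansible.builtin.*`; `ansible.builtin.service:` would keep the role consistent.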
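Review bot: The "Install httpd" task in tasks/gitea/install.yml installs only `httpd`, but the template deployed by "Deploy httpd" uses `SSLEngine`, `SSLCipherSuite` and `SSLCertificateFile`, which are mod_ssl directives. Unless mod_ssl is installed elsewhere in the role (not visible in this hunk), the restart that task notifies will fail on unknown directives; `name: [httpd, mod_ssl]` closes that. On an SELinux-enforcing host httpd is also normally denied outbound connections to the Gitea backend port until the `httpd_can_network_connect` boolean is enabled, and nothing in this hunk sets it. The template task has no config-test step before the restart, and `dnf:` is the one short module name among otherwise fully qualified ones (`ansible.builtin.dnf:`).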
@@ -0,0 +1,30 @@
+
+ ServerName {{ gitea_basename }}
+ ServerAlias {{ gitea_basename }}
+ ProxyPreserveHost On
+ ProxyRequests Off
+ AllowEncodedSlashes NoDecode
+ ProxyPass / http://localhost:3000/ nocanon
+ ProxyPassReverse / http://localhost:3000/ nocanon
+ ServerAdmin {{ gitea_server_admin }}
+
+
+
+ Protocols h2 http/1.1
+ SSLEngine On
+ ServerName {{ gitea_basename }}
+ ServerAlias {{ gitea_basename }}
+ ProxyPreserveHost On
+ ProxyRequests Off
+ AllowEncodedSlashes NoDecode
+ ProxyPass / http://localhost:3000/ nocanon
+ ProxyPassReverse / http://localhost:3000/ nocanon
+
+ SSLEngine on
+ SSLHonorCipherOrder on
+ SSLCipherSuite PROFILE=SYSTEM
+ SSLProxyCipherSuite PROFILE=SYSTEM
+ SSLCertificateFile /etc/pki/tls/certs/{{ gitea_basename }}.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/{{ gitea_basename }}.key
+ ServerAdmin {{ gitea_server_admin }}
+
diff --git a/vars/common.yml b/vars/common.yml
index bf6c2ef..8dcc4de 100644
--- a/vars/common.yml
+++ b/vars/common.yml
@@ -7,6 +7,9 @@ gitea_web_config_certs_external: "false"
 gitea_themes: "auto,gitea,arc-green,gitea-blue,gitea-modern,carbonred,darkred,pitchblack"
 gitea_basename: "git.resf.org"
 gitea_automation_user: "rockyautomation"
+gitea_raise_memlock_nofile_limits: "true"
+gitea_net_cap: "true"
+gitea_server_admin: "infrastructure@rockylinux.org"
 # Certs issued by FreeIPA Only
 ipa_getcert_requested_hostnames:
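Review bot: The first block of gitea.conf.j2 carries the same `ProxyPass`/`ProxyPassReverse` pair as the TLS block and no redirect, so logins, session cookies and tokens can be sent in cleartext. This assumes it is the plain-HTTP virtual host; the container tags are not visible on this page. Replacing its two proxy lines with `Redirect permanent / https://{{ gitea_basename }}/` leaves that listener as a redirector only. In the TLS block `SSLEngine` is set twice (`On` and `on`) and `ServerAlias` repeats `ServerName` in both blocks, so one of each can go. `SSLProxyCipherSuite` has no effect while the backend is `http://localhost:3000/`.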
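Review bot: `gitea_raise_memlock_nofile_limits` and `gitea_net_cap` in vars/common.yml are added as the quoted strings `"true"`, and neither is read anywhere in this patch. Any consumer has to pipe them through `|bool`, as `gitea_web_config|bool` does in install.yml, because in a Jinja `{% if %}` a quoted `"false"` is still a non-empty, truthy string. If `gitea_net_cap` grants the Gitea service a network capability, as its name suggests, defaulting it on is more privilege than the service needs once httpd terminates client connections and proxies to port 3000. Consider defaulting it off and adding a one-line comment above each flag saying what it controls.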