From 165e22ab5e9db82c7bf4a6460487690f4d2793eb Mon Sep 17 00:00:00 2001
From: Julian Labus <julian@labus-online.de>
Date: Thu, 21 Mar 2019 15:49:01 +0100
Subject: [PATCH] Role service-nginx-firmware: add proxy to
 downloads.openwrt.org

---
 roles/service-nginx-firmware/tasks/main.yml   |  9 +++++++++
 .../templates/opkg_vhost.conf.j2              | 20 +++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 roles/service-nginx-firmware/templates/opkg_vhost.conf.j2

diff --git a/roles/service-nginx-firmware/tasks/main.yml b/roles/service-nginx-firmware/tasks/main.yml
index ffde07a..c2894d8 100644
--- a/roles/service-nginx-firmware/tasks/main.yml
+++ b/roles/service-nginx-firmware/tasks/main.yml
@@ -39,3 +39,12 @@
     group: root
     mode: 0644
   notify: reload nginx
+
+- name: write opkg.conf
+  template:
+    src: opkg_vhost.conf.j2
+    dest: /etc/nginx/conf.d/opkg.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nginx
diff --git a/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2 b/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2
new file mode 100644
index 0000000..6f4f5ba
--- /dev/null
+++ b/roles/service-nginx-firmware/templates/opkg_vhost.conf.j2
@@ -0,0 +1,20 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name opkg.{{ http_domain_internal }};
+
+    allow 127.0.0.0/8;
+    allow ::1;
+{% for prefix in internal_prefixes %}
+    allow {{ prefix.ipv4 }};
+    allow {{ prefix.ipv6 }};
+{% endfor%}
+    deny all;
+
+    location / {
+      proxy_pass https://downloads.openwrt.org/;
+      proxy_connect_timeout 6s;
+    }
+
+}