From dc146df5f7e863065708b8e49e07e4007216626b Mon Sep 17 00:00:00 2001
From: Tobias Hachmer <tobias@hachmer.de>
Date: Fri, 27 Oct 2017 11:41:00 +0200
Subject: [PATCH] Add role service-nginx-firmware

---
 roles/service-nginx-firmware/README.md        | 22 ++++++++++
 roles/service-nginx-firmware/meta/main.yml    |  3 ++
 roles/service-nginx-firmware/tasks/main.yml   | 41 +++++++++++++++++++
 .../templates/firmware-sync.service.j2        | 11 +++++
 .../templates/firmware-sync.timer.j2          | 12 ++++++
 .../templates/firmware_vhost.conf.j2          | 32 +++++++++++++++
 6 files changed, 121 insertions(+)
 create mode 100644 roles/service-nginx-firmware/README.md
 create mode 100644 roles/service-nginx-firmware/meta/main.yml
 create mode 100644 roles/service-nginx-firmware/tasks/main.yml
 create mode 100644 roles/service-nginx-firmware/templates/firmware-sync.service.j2
 create mode 100644 roles/service-nginx-firmware/templates/firmware-sync.timer.j2
 create mode 100644 roles/service-nginx-firmware/templates/firmware_vhost.conf.j2

diff --git a/roles/service-nginx-firmware/README.md b/roles/service-nginx-firmware/README.md
new file mode 100644
index 0000000..77e5c75
--- /dev/null
+++ b/roles/service-nginx-firmware/README.md
@@ -0,0 +1,22 @@
+# Ansible role service-nginx-firmware
+
+Diese Ansible role konfiguriert die Firmware Synchronisation und die erforderlichen nginx vHosts.
+
+- verwaltet `/var/www/html/firmware`
+- installiert und konfiguriert den systemd timer firmware-sync
+- schreibt firmware.conf
+
+## Benötigte Variablen
+
+- Variable `http_domain_external` # string: Externe Freifunk MWU Domain
+- Variable `http_domain_internal` # string: Interne Freifunk MWU Domain
+- Dictionary `meshes`
+´´´
+meshes:
+  - id: xx
+...
+    site_name: # string
+...
+    http_domain_external: # string: Externe Mesh Domain
+    http_domain_internal: # string: Interne Mesh Domain
+´´´
diff --git a/roles/service-nginx-firmware/meta/main.yml b/roles/service-nginx-firmware/meta/main.yml
new file mode 100644
index 0000000..814b458
--- /dev/null
+++ b/roles/service-nginx-firmware/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-nginx }
diff --git a/roles/service-nginx-firmware/tasks/main.yml b/roles/service-nginx-firmware/tasks/main.yml
new file mode 100644
index 0000000..ffde07a
--- /dev/null
+++ b/roles/service-nginx-firmware/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: manage firmware directory
+  file:
+    path: /var/www/html/firmware
+    state: directory
+    mode: 0755
+    owner: www-data
+    group: www-data
+
+- name: write systemd unit firmware-sync.service
+  template:
+    src: firmware-sync.service.j2
+    dest: /etc/systemd/system/firmware-sync.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: write systemd timer firmware-sync.timer
+  template:
+    src: firmware-sync.timer.j2
+    dest: /etc/systemd/system/firmware-sync.timer
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: configure systemd unit/timer firmware-sync
+  systemd:
+    name: firmware-sync.timer
+    enabled: yes
+    state: started
+
+- name: write firmware.conf
+  template:
+    src: firmware_vhost.conf.j2
+    dest: /etc/nginx/conf.d/firmware.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nginx
diff --git a/roles/service-nginx-firmware/templates/firmware-sync.service.j2 b/roles/service-nginx-firmware/templates/firmware-sync.service.j2
new file mode 100644
index 0000000..cc79408
--- /dev/null
+++ b/roles/service-nginx-firmware/templates/firmware-sync.service.j2
@@ -0,0 +1,11 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Synchronize Freifunk MWU Firmware directory
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/rsync -avh4 --delete rsync://milchreis.freifunk-mwu.de:873/firmware /var/www/html/firmware
+User=www-data
+Group=www-data
diff --git a/roles/service-nginx-firmware/templates/firmware-sync.timer.j2 b/roles/service-nginx-firmware/templates/firmware-sync.timer.j2
new file mode 100644
index 0000000..1d995c3
--- /dev/null
+++ b/roles/service-nginx-firmware/templates/firmware-sync.timer.j2
@@ -0,0 +1,12 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Timer which schedules firmware-sync.service
+
+[Timer]
+OnBootSec=30min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
new file mode 100644
index 0000000..e966631
--- /dev/null
+++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    root /var/www/html/firmware;
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+
+{% for mesh in meshes %}
+server {
+    listen 80;
+    server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    root /var/www/html/firmware/{{ mesh.site_name.lower() }};
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}