Add unifi role

And server.
2025-02-04 14:44:02 +01:00 · 2025-02-04 14:44:02 +01:00 · e95603fda9
parent 73555d2fd7
commit e95603fda9
4 changed files with 72 additions and 0 deletions
--- a/roles/unifi/handlers/main.yml
+++ b/roles/unifi/handlers/main.yml
@ -0,0 +1,10 @@
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  when: "'handler' not in ansible_skip_tags"
+
+- name: update package cache
+  package:
+    update_cache: yes
+  when: "'handler' not in ansible_skip_tags"
--- a/roles/unifi/tasks/main.yml
+++ b/roles/unifi/tasks/main.yml
@ -0,0 +1,35 @@
+- name: Add MongoDB repository
+  deb822_repository:
+    name: mongodb
+    uris: http://repo.mongodb.org/apt/debian
+    suites: '{{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }}'
+    components: main
+    architectures: amd64
+    signed_by: https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc
+
+- name: Add Unifi repository
+  deb822_repository:
+    name: unifi
+    uris: https://www.ui.com/downloads/unifi/debian
+    suites: stable
+    components: ubiquiti
+    architectures: amd64
+    signed_by: https://dl.ui.com/unifi/unifi-repo.gpg
+
+- name: Install unifi
+  package:
+    name: unifi
+    update_cache: yes
+
+- name: Set up nginx site
+  template:
+    dest: '/etc/nginx/sites-available/unifi.conf'
+    src: 'nginx.conf.j2'
+  notify: reload nginx
+
+- name: Enable nginx site
+  file:
+    dest: /etc/nginx/sites-enabled/unifi.conf
+    src: /etc/nginx/sites-available/unifi.conf
+    state: link
+  notify: reload nginx
--- a/roles/unifi/templates/nginx.conf.j2
+++ b/roles/unifi/templates/nginx.conf.j2
@ -0,0 +1,21 @@
+server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+	server_name {{ dns_name }};
+
+	ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
+
+        location / {
+                proxy_pass https://localhost:8443;
+                proxy_buffering off;
+                proxy_http_version 1.1;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+
+                # for websockets
+                proxy_set_header Connection "Upgrade";
+                proxy_set_header Upgrade $http_upgrade;
+        }
+}
--- a/setup.yml
+++ b/setup.yml
@ -84,6 +84,12 @@
  vars:
    user: netbox

+- hosts: unifi
+  roles:
+    - debian
+    - nginx
+    - unifi
+
 - hosts: web-front
  roles:
    - alpine