From e95603fda9c877ef6ea25b2b4c698b603110e07f Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Tue, 4 Feb 2025 14:44:02 +0100
Subject: [PATCH] Add unifi role And server.
---
roles/unifi/handlers/main.yml | 10 +++++++++
roles/unifi/tasks/main.yml | 35 +++++++++++++++++++++++++++++
roles/unifi/templates/nginx.conf.j2 | 21 +++++++++++++++++
setup.yml | 6 +++++
4 files changed, 72 insertions(+)
create mode 100644 roles/unifi/handlers/main.yml
create mode 100644 roles/unifi/tasks/main.yml
create mode 100644 roles/unifi/templates/nginx.conf.j2
diff --git a/roles/unifi/handlers/main.yml b/roles/unifi/handlers/main.yml
new file mode 100644
index 0000000..46d07a7
--- /dev/null
+++ b/roles/unifi/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: reload nginx
+ service:
+ name: nginx
+ state: reloaded
+ when: "'handler' not in ansible_skip_tags"
+
+- name: update package cache
+ package:
+ update_cache: yes
+ when: "'handler' not in ansible_skip_tags"
diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml
new file mode 100644
index 0000000..228b1d9
--- /dev/null
+++ b/roles/unifi/tasks/main.yml
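Review bot: The `update package cache` handler in roles/unifi/handlers/main.yml is never notified by any task visible in this commit: neither repository task carries a `notify`, and `Install unifi` refreshes the cache itself with `update_cache: yes`. Handlers normally run at the end of the play, so notifying it from the repository tasks would come too late for the install anyway; I would drop the handler. If it stays, a comment such as `# notified by <task>; flushed before package install` would document how it is meant to be used.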
@@ -0,0 +1,35 @@
+- name: Add MongoDB repository
+ deb822_repository:
+ name: mongodb
+ uris: http://repo.mongodb.org/apt/debian
+ suites: '{{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }}'
+ components: main
+ architectures: amd64
+ signed_by: https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc
+
+- name: Add Unifi repository
+ deb822_repository:
+ name: unifi
+ uris: https://www.ui.com/downloads/unifi/debian
+ suites: stable
+ components: ubiquiti
+ architectures: amd64
+ signed_by: https://dl.ui.com/unifi/unifi-repo.gpg
+
+- name: Install unifi
+ package:
+ name: unifi
+ update_cache: yes
+
+- name: Set up nginx site
+ template:
+ dest: '/etc/nginx/sites-available/unifi.conf'
+ src: 'nginx.conf.j2'
+ notify: reload nginx
+
+- name: Enable nginx site
+ file:
+ dest: /etc/nginx/sites-enabled/unifi.conf
+ src: /etc/nginx/sites-available/unifi.conf
+ state: link
+ notify: reload nginx
diff --git a/roles/unifi/templates/nginx.conf.j2 b/roles/unifi/templates/nginx.conf.j2
new file mode 100644
index 0000000..29aa035
--- /dev/null
+++ b/roles/unifi/templates/nginx.conf.j2
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name {{ dns_name }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
+
+ location / {
+ proxy_pass https://localhost:8443;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+
+ # for websockets
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Upgrade $http_upgrade;
+ }
+}
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
index 25b8f33..584daad 100644
--- a/setup.yml
+++ b/setup.yml
@@ -84,6 +84,12 @@ vars: user: netbox +- hosts: unifi + roles: + - debian + - nginx + - unifi + - hosts: web-front roles: - alpine
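Review bot: The MongoDB repository in the first task of roles/unifi/tasks/main.yml is fetched over plain HTTP (`uris: http://repo.mongodb.org/apt/debian`), and both `signed_by` values download the signing key from the vendor's site at deploy time, so the trust anchor is whatever those URLs serve on the day the play runs. I would use `uris: https://repo.mongodb.org/apt/debian` and vendor the two public keys into the role, since `signed_by` also accepts an ASCII-armored key block or a keyring path; a key change then shows up as a reviewed diff. `mongodb_version` is not defined anywhere in this commit; presumably it comes from inventory, but a role default or an `assert` task would make a missing value fail with a clear message. `update_cache: yes` is better written `update_cache: true`.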
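Review bot: `proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;` in the `location /` block misspells the header; the conventional name is `X-Forwarded-For`, so any upstream logging or throttling that relies on the standard header will not see the client address, which weakens the audit trail for controller logins. The line should read `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. `Connection "Upgrade"` is also sent on every proxied request rather than only on WebSocket handshakes; the usual form is a `map $http_upgrade $connection_upgrade` block above `server` with `proxy_set_header Connection $connection_upgrade;`. The server block publishes the controller's admin interface on 443 with no `allow`/`deny`; if this host is reachable from outside the management network, restrict access here or at the firewall.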