---
# ========================================
# NGINX REVERSE PROXY MANAGER DEPLOYMENT
# ========================================
# Deploys Nginx Proxy Manager with MariaDB backend
# Provides web UI for reverse proxy configuration

# Informational only: echoes the service name and port variables this task
# file is about to act on. Nothing is changed on the host by this task.
- name: "Display Nginx Proxy Manager deployment information"
  tags:
    - nginx-proxy
  ansible.builtin.debug:
    msg:
      - "Deploying Nginx Proxy Manager service"
      - "Service: {{ connectivity_nginx_proxy_service_name }}"
      - "Admin Port: {{ connectivity_nginx_proxy_admin_port }}"
      - "HTTP Port: {{ connectivity_nginx_proxy_http_port }}"
      - "HTTPS Port: {{ connectivity_nginx_proxy_https_port }}"
      - "Database enabled: {{ connectivity_nginx_proxy_db_enabled }}"

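# Creates every directory that later tasks in this file write into.
# ansible.builtin.template does not create parent directories, so the targets
# of the custom.conf task (data/nginx) and of the three script tasks (scripts)
# are created here as well; the original list only had data, letsencrypt and
# database.
- name: "Create Nginx Proxy Manager data directories"
  ansible.builtin.file:
    path: "{{ connectivity_docker_base_path }}/nginx-proxy/{{ item }}"
    state: directory
    owner: "{{ connectivity_docker_owner }}"
    group: "{{ connectivity_docker_group }}"
    # NOTE(review): 0755 leaves letsencrypt/ (presumably TLS private keys) and
    # database/ listable by every local user. Tightening is worth testing, but
    # the container images may manage ownership of these paths themselves, so
    # the mode is left unchanged here - confirm before restricting.
    mode: "0755"
  loop:
    - data
    - data/nginx
    - letsencrypt
    - database
    - scripts
  tags: [nginx-proxy, directories]
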
# Renders the Compose project definition into the nginx-proxy directory and
# notifies the restart handler whenever the rendered file changes.
- name: "Create Nginx Proxy Manager Docker Compose file"
  tags:
    - nginx-proxy
    - compose
  notify: restart nginx-proxy
  ansible.builtin.template:
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/docker-compose.yml"
    src: nginx-proxy-compose.yml.j2
    group: "{{ connectivity_docker_group }}"
    owner: "{{ connectivity_docker_owner }}"
    # World-readable on purpose only if the template carries no secrets.
    # NOTE(review): the template is not visible here - confirm credentials are
    # referenced from .env and not written inline into this file.
    mode: "0644"

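# Renders the .env file consumed by the Compose project. The file holds the
# database credentials, so it is owner-only on disk and its content is kept
# out of Ansible output.
- name: "Create Nginx Proxy Manager environment file"
  ansible.builtin.template:
    src: nginx-proxy.env.j2
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/.env"
    owner: "{{ connectivity_docker_owner }}"
    group: "{{ connectivity_docker_group }}"
    mode: "0600"  # Secure environment file with DB credentials
  # Without this, a run with --diff (or verbose logging) prints the rendered
  # file, credentials included, to the console and to any log callback.
  no_log: true
  notify: restart nginx-proxy
  tags: [nginx-proxy, config, secrets]
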
# Renders the custom nginx snippet into the data volume and notifies the
# restart handler when it changes.
# NOTE(review): template does not create parent directories; data/nginx must
# already exist when this task runs - confirm it is created beforehand.
- name: "Create Nginx Proxy Manager custom configuration"
  tags:
    - nginx-proxy
    - config
  notify: restart nginx-proxy
  ansible.builtin.template:
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/data/nginx/custom.conf"
    src: nginx-proxy-custom.conf.j2
    group: "{{ connectivity_docker_group }}"
    owner: "{{ connectivity_docker_owner }}"
    mode: "0644"

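# Opens the admin, HTTP and HTTPS ports in ufw.
#
# Changes from the original:
#   * ufw lives in community.general; the canonical FQCN is used instead of
#     relying on the ansible.builtin redirect.
#   * Each rule takes an optional source. The admin rule reads the new,
#     optional variable connectivity_nginx_proxy_admin_allowed_src; when it is
#     unset the rule stays "any", i.e. exactly the previous behaviour.
#
# The admin UI is reachable with well-known first-run credentials until an
# operator changes them, so set connectivity_nginx_proxy_admin_allowed_src to
# a management network or host rather than leaving it open.
#
# NOTE(review): ports published by Docker are commonly handled by Docker's own
# iptables rules and may be reachable regardless of ufw. Confirm how the
# Compose template publishes the admin port (e.g. bound to a specific address)
# instead of relying on this rule alone.
- name: "Allow Nginx Proxy Manager ports through firewall"
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
    from_ip: "{{ item.src | default('any') }}"
    comment: "{{ item.comment }}"
  loop:
    - port: "{{ connectivity_nginx_proxy_admin_port }}"
      proto: "tcp"
      src: "{{ connectivity_nginx_proxy_admin_allowed_src | default('any') }}"
      comment: "Nginx Proxy Manager Admin"
    - port: "{{ connectivity_nginx_proxy_http_port }}"
      proto: "tcp"
      comment: "HTTP Reverse Proxy"
    - port: "{{ connectivity_nginx_proxy_https_port }}"
      proto: "tcp"
      comment: "HTTPS Reverse Proxy"
  tags: [nginx-proxy, firewall]
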
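# Brings up only the database service of the Compose project, pulling its
# image first.
#
# The condition now reads connectivity_nginx_proxy_db_enabled, the variable
# the rest of this file uses. The original tested the unprefixed
# nginx_proxy_db_enabled, which is not referenced anywhere else here, so the
# default(true) fallback would start the database even when it was disabled.
#
# NOTE(review): community.docker.docker_compose is the legacy Compose v1
# module and is absent from newer community.docker releases - confirm the
# pinned collection version before upgrading.
# NOTE(review): pull: true fetches whatever the image reference in the
# Compose template currently resolves to; pin by version or digest there if
# it uses a floating tag.
- name: "Start Nginx Proxy Manager database (if enabled)"
  community.docker.docker_compose:
    project_src: "{{ connectivity_docker_base_path }}/nginx-proxy"
    services:
      - "{{ connectivity_nginx_proxy_db_container_name }}"
    pull: true
    state: present
  when: connectivity_nginx_proxy_db_enabled | default(true) | bool
  tags: [nginx-proxy, database]
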
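# Blocks until TCP port 3306 accepts connections on the loopback address:
# 10 s initial delay, 60 s overall timeout.
#
# The condition uses connectivity_nginx_proxy_db_enabled (the variable used
# elsewhere in this file) instead of the unprefixed name, whose default(true)
# fallback made this wait run even with the database disabled.
#
# NOTE(review): this only succeeds if the Compose template publishes 3306 on
# the host. If it does, confirm it is bound to 127.0.0.1 only; the database
# has no reason to be reachable from other hosts.
- name: "Wait for database to be ready"
  ansible.builtin.wait_for:
    port: 3306
    host: 127.0.0.1
    delay: 10
    timeout: 60
  when: connectivity_nginx_proxy_db_enabled | default(true) | bool
  tags: [nginx-proxy, database]
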
# Brings up the whole Compose project (all services), pulling images first.
# NOTE(review): pulling on every run follows whatever the image references in
# the Compose template resolve to; pin them by version or digest there if
# they use floating tags.
- name: "Start Nginx Proxy Manager service"
  tags:
    - nginx-proxy
    - service
  community.docker.docker_compose:
    state: present
    pull: true
    project_src: "{{ connectivity_docker_base_path }}/nginx-proxy"

# Blocks until the admin port accepts TCP connections on the host's default
# IPv4 address: 15 s initial delay, 120 s overall timeout. This proves the
# port is open, not that the application behind it is healthy.
# Requires gathered facts (ansible_default_ipv4).
- name: "Wait for Nginx Proxy Manager to be ready"
  tags:
    - nginx-proxy
    - health
  ansible.builtin.wait_for:
    host: "{{ ansible_default_ipv4.address }}"
    port: "{{ connectivity_nginx_proxy_admin_port }}"
    timeout: 120
    delay: 15

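# Inspects the proxy container and fails the play unless it exists and is in
# the "running" state. The original only registered the result, so a missing
# or exited container still led to the "deployed successfully" message.
# The registered result is kept under the same name for the status task.
- name: "Verify Nginx Proxy Manager container is running"
  community.docker.docker_container_info:
    name: "{{ connectivity_nginx_proxy_container_name }}"
  register: connectivity_nginx_proxy_container_status
  failed_when: >-
    not connectivity_nginx_proxy_container_status.exists
    or connectivity_nginx_proxy_container_status.container.State.Status != 'running'
  tags: [nginx-proxy, verify]
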
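# Inspects the database container and fails the play unless it exists and is
# running. Skipped when the database is disabled.
#
# The condition uses connectivity_nginx_proxy_db_enabled (the variable used
# elsewhere in this file); the original's unprefixed nginx_proxy_db_enabled
# fell back to default(true) and ran this check unconditionally.
# The original also only registered the result without checking it.
- name: "Verify Nginx Proxy Manager database container is running"
  community.docker.docker_container_info:
    name: "{{ connectivity_nginx_proxy_db_container_name }}"
  register: connectivity_nginx_proxy_db_status
  failed_when: >-
    not connectivity_nginx_proxy_db_status.exists
    or connectivity_nginx_proxy_db_status.container.State.Status != 'running'
  when: connectivity_nginx_proxy_db_enabled | default(true) | bool
  tags: [nginx-proxy, verify]
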
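# Prints the container states, the service endpoints and the first-login
# instructions.
#
# Fixes: the warning sign was mis-encoded (UTF-8 bytes shown as Latin-1) and
# is restored; the login e-mail had been replaced by an address-obfuscation
# placeholder and is restored to Nginx Proxy Manager's documented first-run
# default - confirm against the image version the Compose template deploys.
#
# The admin URL is printed as http://: until the UI is put behind TLS, the
# login (including the password change) crosses the network in clear text,
# so do the first login from a trusted network path.
- name: "Display Nginx Proxy Manager service status"
  ansible.builtin.debug:
    msg:
      - "Nginx Proxy Manager deployed successfully"
      - "Container status: {{ connectivity_nginx_proxy_container_status.container.State.Status | default('Unknown') }}"
      # Falls back to 'Disabled' when the database check was skipped and the
      # registered result has no container data.
      - "Database status: {{ connectivity_nginx_proxy_db_status.container.State.Status | default('Disabled') }}"
      - "Admin UI: http://{{ ansible_default_ipv4.address }}:{{ connectivity_nginx_proxy_admin_port }}"
      - "HTTP Proxy: {{ ansible_default_ipv4.address }}:{{ connectivity_nginx_proxy_http_port }}"
      - "HTTPS Proxy: {{ ansible_default_ipv4.address }}:{{ connectivity_nginx_proxy_https_port }}"
      - ""
      - "Default login credentials:"
      - "Email: admin@example.com"
      - "Password: changeme"
      - "⚠️ Change default credentials immediately!"
      - ""
      - "Next steps:"
      - "1. Login and change default credentials"
      - "2. Configure SSL certificates"
      - "3. Add proxy hosts for your services"
  tags: [nginx-proxy, info]
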
# Renders the backup script into the scripts directory as an executable.
# NOTE(review): template does not create parent directories; scripts/ must
# already exist when this runs - confirm it is created beforehand.
# NOTE(review): 0755 makes the rendered script readable by every local user.
# If the template embeds database credentials, restrict it to the owner.
- name: "Create Nginx Proxy Manager backup script"
  tags:
    - nginx-proxy
    - backup
  ansible.builtin.template:
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/scripts/backup.sh"
    src: nginx-proxy-backup.sh.j2
    group: "{{ connectivity_docker_group }}"
    owner: "{{ connectivity_docker_owner }}"
    mode: "0755"

# Renders the health-check script into the scripts directory as an
# executable.
# NOTE(review): template does not create parent directories; scripts/ must
# already exist when this runs - confirm it is created beforehand.
- name: "Create Nginx Proxy Manager health check script"
  tags:
    - nginx-proxy
    - monitoring
  ansible.builtin.template:
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/scripts/health-check.sh"
    src: nginx-proxy-health-check.sh.j2
    group: "{{ connectivity_docker_group }}"
    owner: "{{ connectivity_docker_owner }}"
    mode: "0755"

# Renders the configuration helper script into the scripts directory as an
# executable.
# NOTE(review): template does not create parent directories; scripts/ must
# already exist when this runs - confirm it is created beforehand.
# NOTE(review): if the template embeds API or database credentials, 0755
# exposes them to every local user - confirm and tighten if so.
- name: "Create Nginx Proxy Manager configuration helper script"
  tags:
    - nginx-proxy
    - scripts
  ansible.builtin.template:
    dest: "{{ connectivity_docker_base_path }}/nginx-proxy/scripts/config-helper.sh"
    src: nginx-proxy-helper.sh.j2
    group: "{{ connectivity_docker_group }}"
    owner: "{{ connectivity_docker_owner }}"
    mode: "0755"

# Attaches the com.connectivity.* labels to the proxy and database containers,
# one loop item per container, without recreating them.
# NOTE(review): ansible_facts.docker_containers is not set anywhere in this
# file; with the default([]) fallback every item is skipped unless something
# else populates that fact - confirm where it comes from.
# NOTE(review): labels are normally fixed at container creation. With
# recreation disabled and no image given, verify this task can actually apply
# them; setting the labels in the Compose template may be the reliable place.
- name: "Label Nginx Proxy Manager containers for connectivity service group"
  tags:
    - nginx-proxy
    - labels
  when: item.name in (ansible_facts.docker_containers | default([]))
  community.docker.docker_container:
    name: "{{ item.name }}"
    state: started
    recreate: false
    labels:
      com.connectivity.service: "nginx-proxy"
      com.connectivity.type: "{{ item.type }}"
      com.connectivity.port: "{{ item.port }}"
  loop:
    - name: "{{ connectivity_nginx_proxy_container_name }}"
      type: "proxy"
      port: "{{ connectivity_nginx_proxy_admin_port }}"
    - name: "{{ connectivity_nginx_proxy_db_container_name }}"
      type: "database"
      port: "3306"