(#39) xmpp2: set up Nginx

Author: ForNeVeR

xmpp2/files/nginx/nginx.conf

@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2016-2025 Friedrich von Never <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+events {
+    worker_connections 768;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 60;
+    types_hash_max_size 2048;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    gzip on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

xmpp2/nginx.yml

@@ -6,6 +6,13 @@
 - name: Install and configure Nginx
   hosts: xmpp2
   become: true
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+
   tasks:
     - name: Update apt cache
       ansible.builtin.apt:
@@ -17,8 +24,18 @@
         name: nginx
         state: present
 
-    - name: Start and enable nginx service
-      ansible.builtin.service:
-        name: nginx
-        state: started
-        enabled: true
+    - name: Remove the *-enabled and *-available directories
+      ansible.builtin.file:
+        path: "/etc/nginx/{{ item }}"
+        state: absent
+      loop:
+        - modules-available
+        - modules-enabled
+        - sites-available
+        - sites-enabled
+
+    - name: Set up the main nginx configuration file
+      ansible.builtin.copy:
+        src: nginx/nginx.conf
+        dest: /etc/nginx/nginx.conf
+      notify: Reload nginx