From 5cb291bdfdeae698bbdb575e96f70e287f26f22a Mon Sep 17 00:00:00 2001
From: Sheppy <sheppy@atlantishq.de>
Date: Sun, 28 May 2023 17:06:53 +0200
Subject: [PATCH] feat: media configuration with cert header

---
 playbook.yaml                      |  1 +
 roles/media/files/htpasswd         |  2 ++
 roles/media/files/nginx_media.conf | 28 ++++++++++++++++++++++++++++
 roles/media/meta/main.yml          |  2 ++
 roles/media/tasks/main.yaml        | 17 +++++++++++++++++
 5 files changed, 50 insertions(+)
 create mode 100644 roles/media/files/htpasswd
 create mode 100644 roles/media/files/nginx_media.conf
 create mode 100644 roles/media/meta/main.yml
 create mode 100644 roles/media/tasks/main.yaml

diff --git a/playbook.yaml b/playbook.yaml
index abfd2e8..fd051bb 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -11,6 +11,7 @@
 - hosts: web1
   roles:
     - { role : web1, tags : [ "web1" ] }
+    - { role : media, tags : [ "media" ] }
 
 - hosts: mail
   roles:
diff --git a/roles/media/files/htpasswd b/roles/media/files/htpasswd
new file mode 100644
index 0000000..eaa76ca
--- /dev/null
+++ b/roles/media/files/htpasswd
@@ -0,0 +1,2 @@
+kathi:$y$j9T$HISTORY_PURGED_SECRET
+sheppy:$y$HISTORY_PURGED_SECRET
diff --git a/roles/media/files/nginx_media.conf b/roles/media/files/nginx_media.conf
new file mode 100644
index 0000000..353383e
--- /dev/null
+++ b/roles/media/files/nginx_media.conf
@@ -0,0 +1,28 @@
+map $http_x_nginx_cert_auth $basic_auth_val {
+    default "private";
+    true off;
+} 
+
+server {
+
+
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 8000;
+    root /var/www/media;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+
+    location /auth/{
+        auth_basic $basic_auth_val;
+        auth_basic_user_file /etc/nginx/htpasswd;
+    }
+}
diff --git a/roles/media/meta/main.yml b/roles/media/meta/main.yml
new file mode 100644
index 0000000..c808c92
--- /dev/null
+++ b/roles/media/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+    - global-handlers
diff --git a/roles/media/tasks/main.yaml b/roles/media/tasks/main.yaml
new file mode 100644
index 0000000..33cc7be
--- /dev/null
+++ b/roles/media/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: Install Nginx
+  apt:
+    pkg:
+      - nginx
+    state: present
+
+- name: Deploy nginx-config (page)
+  copy:
+    src: nginx_media.conf
+    dest: /etc/nginx/sites-available/media.conf
+  notify: restart nginx
+
+- name: Deploy nginx basic auth file
+  copy:
+    src: htpasswd
+    dest: /etc/nginx/
+  notify: restart nginx