authorElizabeth Hunt <me@liz.coffee>2025-04-27 21:15:30 -0700
committerElizabeth Hunt <me@liz.coffee>2025-04-27 21:25:52 -0700
commitdaef0cf448af17357b552245f39067a9d340ce3d (patch)
treef65a660f7232f057b0c14e477c166006bfb83f87 /playbooks/roles/nginx-proxy
parent1dcdfe34a74708f88aad68af965f4bb5c79adff1 (diff)
Waow
Diffstat (limited to 'playbooks/roles/nginx-proxy')
-rw-r--r--playbooks/roles/nginx-proxy/tasks/main.yml26
-rw-r--r--playbooks/roles/nginx-proxy/templates/docker-compose.yml19
-rw-r--r--playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf46
3 files changed, 74 insertions, 17 deletions
diff --git a/playbooks/roles/nginx-proxy/tasks/main.yml b/playbooks/roles/nginx-proxy/tasks/main.yml
index 50958e7..aa7f922 100644
--- a/playbooks/roles/nginx-proxy/tasks/main.yml
+++ b/playbooks/roles/nginx-proxy/tasks/main.yml
@@ -1,17 +1,13 @@
---
-- name: Build nginx-proxy compose dirs
- ansible.builtin.file:
- state: directory
- dest: '{{ nginx_proxy_base }}/{{ item.path }}'
- with_filetree: '../templates'
- when: item.state == 'directory'
-
-- name: Build nginx-proxy compose files
- ansible.builtin.template:
- src: '{{ item.src }}'
- dest: '{{ nginx_proxy_base }}/{{ item.path }}'
- with_filetree: '../templates'
- when: item.state == 'file'
- notify:
- - (Re)start nginx-proxy
+- name: Deploy nginx-proxy
+ ansible.builtin.import_tasks: manage-docker-compose-service.yml
+ vars:
+ service_name: nginx-proxy
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ nginx_proxy_base }}"
+ state: restarted
+# can't rollout the nginx-proxy without a parent reverse proxy. which
+# would need a reverse proxy to rollout. which would need a... yeah you
+# get the idea.
+# rollout_services:
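Review bot: `state: restarted` looks unconditional, whereas the removed tasks restarted nginx-proxy through `notify` only when a rendered file changed. The imported `manage-docker-compose-service.yml` is not shown here, so this is inferred, but if it restarts on every run then each playbook run drops every connection through the proxy, including the mail streams added elsewhere in this commit. If that is intended, say so above the variable, for example `# always restarted: the proxy cannot be rolled out behind itself`. Also finish or delete the dangling `# rollout_services:` line so it does not read as a half-disabled option.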
diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
index e0f56c4..c97f858 100644
--- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml
+++ b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
@@ -5,11 +5,24 @@ services:
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
ports:
+ # http
- "80:80"
- "443:443"
+ # smtp
+ - "25:25"
+ - "465:465"
+ - "587:587"
+ # imap
+ - "993:993"
+ # sieve
+ - "4190:4190"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- {{ nginx_proxy_base }}/certs:/etc/nginx/certs
+ - {{ nginx_proxy_base }}/toplevel.conf.d:/etc/nginx/toplevel.conf.d
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ now() }}
networks:
- proxy
labels:
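Review bot: The new `toplevel.conf.d` bind mount is read-write although nginx only needs to read it; this container also publishes the mail ports and mounts the Docker socket, so a writable config directory lets a compromised proxy alter its own top-level configuration on the host. Suggest `- {{ nginx_proxy_base }}/toplevel.conf.d:/etc/nginx/toplevel.conf.d:ro`. Separately, the `environment` entries added here and in the next hunk (`TZ=`, `DEPLOYMENT_TIME=`, `DEFAULT_EMAIL=`, `ACME_CHALLENGE=`) are unquoted templated scalars where the removed lines were quoted. Quoting them, e.g. `- "DEFAULT_EMAIL={{ certs_email }}"`, keeps a value containing ` #` or `: ` from changing how the rendered file parses. The service definition starts above this hunk.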
@@ -24,8 +37,10 @@ services:
- acme:/etc/acme.sh
- {{ nginx_proxy_base }}/certs:/etc/nginx/certs
environment:
- - "DEFAULT_EMAIL={{ certs_email }}"
- - "ACME_CHALLENGE=DNS-01"
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ now() }}
+ - DEFAULT_EMAIL={{ certs_email }}
+ - ACME_CHALLENGE=DNS-01
- "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_cf', 'CF_Key': '{{ cloudflare_token }}', 'CF_Email': '{{ cloudflare_email }}'}"
networks:
- proxy
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
new file mode 100644
index 0000000..7e3b39d
--- /dev/null
+++ b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
@@ -0,0 +1,46 @@
+stream {
+ log_format basic '$proxy_protocol_addr - [$time_local] '
+ '$protocol $status $bytes_sent $bytes_received '
+ '$session_time';
+ upstream imaps {
+ server {{ vpn_proxy_filter_container_name }}:993;
+ }
+ upstream smtps {
+ server {{ vpn_proxy_filter_container_name }}:465;
+ }
+ upstream smtptls {
+ server {{ vpn_proxy_filter_container_name }}:587;
+ }
+ upstream smtp {
+ server {{ vpn_proxy_filter_container_name }}:25;
+ }
+ upstream managesieve {
+ server {{ vpn_proxy_filter_container_name }}:4190;
+ }
+
+ server {
+ listen 993;
+ proxy_pass imaps;
+ proxy_protocol on;
+ }
+ server {
+ listen 25;
+ proxy_pass smtp;
+ proxy_protocol on;
+ }
+ server {
+ listen 587;
+ proxy_pass smtptls;
+ proxy_protocol on;
+ }
+ server {
+ listen 465;
+ proxy_pass smtps;
+ proxy_protocol on;
+ }
+ server {
+ listen 4190;
+ proxy_pass managesieve;
+ proxy_protocol on;
+ }
+}
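Review bot: The `basic` log format is defined but no `access_log` directive references it, and stream access logging is off by default, so connections to the newly published mail ports are not logged. The format also uses `$proxy_protocol_addr`, which is only populated when the `listen` directive carries the `proxy_protocol` parameter; these listeners accept plain TCP and only send the PROXY header upstream, so the field would be empty. Suggest `$remote_addr` in the format and `access_log /dev/stdout basic;` inside the `stream` block. Because `proxy_protocol on;` makes the upstream take the client address from that header, the service behind `{{ vpn_proxy_filter_container_name }}` should accept PROXY headers only from this proxy, which is not visible in this commit.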