first rev

.gitignore

@@ -0,0 +1 @@
+host_vars

install.sh

@@ -0,0 +1 @@
+ansible-playbook -i inventory.yml install.yml

install.yml

@@ -0,0 +1,107 @@
+---
+- name: Configurer Nginx avec authentification htpasswd et HTTPS via Certbot
+  hosts: all
+  become: yes
+
+  tasks:
+    - name: Mettre à jour la liste des paquets
+      apt:
+        update_cache: yes
+
+    - name: Upgrader tous les paquets
+      apt:
+        upgrade: dist
+
+    - name: Installer Nginx
+      apt:
+        name: nginx
+        state: present
+        update_cache: yes
+
+    - name: Démarrer et activer Nginx
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
+    - name: Créer le répertoire pour le site web
+      file:
+        path: "/var/www/{{ domain_name }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+#    - name: Créer une page d'accueil simple
+#      copy:
+#        content: |
+#          <html>
+#          <head><title>Bienvenue sur {{ domain_name }}</title></head>
+#          <body><h1>Bienvenue sur {{ domain_name }}</h1></body>
+#          </html>
+#        dest: "/var/www/{{ domain_name }}/index.html"
+#        owner: www-data
+#        group: www-data
+#        mode: '0644'
+
+    - name: Installer le paquet apache2-utils pour htpasswd
+      apt:
+        name: apache2-utils
+        state: present
+        update_cache: yes
+
+    - name: Créer le fichier htpasswd avec le premier utilisateur
+      command: >
+        htpasswd -bc {{ htpasswd_file }} {{ users[0].username }} {{ users[0].password }}
+      args:
+        creates: "{{ htpasswd_file }}"  # Ne recrée pas le fichier s'il existe déjà
+
+    - name: Ajouter les utilisateurs suivants au fichier htpasswd
+      command: >
+        htpasswd -b {{ htpasswd_file }} {{ item.username }} {{ item.password }}
+      loop: "{{ users[1:] }}"  # Ignore le premier utilisateur déjà ajouté
+      when: users | length > 1  # Exécute uniquement s'il y a plus d'un utilisateur
+
+    - name: Configurer le site Nginx avec authentification (HTTP)
+      template:
+        src: nginx_site_http.conf.j2
+        dest: "/etc/nginx/sites-available/{{ domain_name }}"
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Activer le site Nginx
+      file:
+        src: "/etc/nginx/sites-available/{{ domain_name }}"
+        dest: "/etc/nginx/sites-enabled/{{ domain_name }}"
+        state: link
+
+    - name: Tester la configuration Nginx
+      command: nginx -t
+      register: nginx_test
+      changed_when: false
+      notify: Redémarrer Nginx
+
+    - name: Redémarrer Nginx pour appliquer les changements
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Installer Certbot et le plugin Nginx
+      apt:
+        name:
+          - certbot
+          - python3-certbot-nginx
+        state: present
+        update_cache: yes
+
+    - name: Obtenir un certificat SSL avec Certbot
+      command: >
+        certbot --nginx -d {{ domain_name }} --non-interactive --agree-tos --email {{ email }} --redirect
+      notify: Redémarrer Nginx
+
+  handlers:
+    - name: Redémarrer Nginx
+      service:
+        name: nginx
+        state: restarted

inventory.yml

@@ -0,0 +1,8 @@
+all:
+  hosts:
+    intranet.whirlingai.fr:
+      ansible_python_interpreter: /usr/bin/python3
+  vars:
+    ansible_user: root
+    ansible_ssh_private_key_file: ./host_vars/forge.gwhirlingai.fr.key
+

nginx_site_http.conf.j2

@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name {{ domain_name }};
+
+    root /var/www/{{ domain_name }};
+    index index.html;
+
+    location / {
+        auth_basic "Accès restreint";
+        auth_basic_user_file {{ htpasswd_file }};
+        try_files $uri $uri/ =404;
+    }
+}

readme.md

@@ -0,0 +1,20 @@
+# Nginx Server
+
+This is a complete Ansible playbook to configure Nginx with basic authentication using htpasswd. 
+This playbook installs Nginx, configures a static website, and secures access with basic authentication.
+
+## Steps
+
+- Installation of Nginx: The playbook installs Nginx and ensures it is started and enabled.
+- Creation of the website directory: A directory is created to host the website files.
+- Creation of a simple homepage: A simple HTML page is created for the website.
+- Installation of apache2-utils: This package is necessary to use the htpasswd command.
+- Creation of the htpasswd file: A .htpasswd file is created with a username and password.
+- Configuration of the Nginx site: The nginx_site.conf.j2 template is used to configure Nginx with basic authentication.
+- Activation of the Nginx site: The site is enabled by creating a symbolic link in the sites-enabled directory.
+- Testing the Nginx configuration: The Nginx configuration is tested before restarting the service.
+- Restarting Nginx: Nginx is restarted to apply the changes.
+
+## TODO
+
+- use ansible vault for the user's credentials