ctucx.git: ansible-configs

configuration/taurus add webmusic-nginx on music.ctu.cx, fix node-exporter

diff --git a/configuration/taurus.yml b/configuration/taurus.yml
@@ -17,6 +17,7 @@ system:
     - unzip
     - wget
     - curl
+    - webmusic-nginx
   nameservers:
     - 1.1.1.1
     - 8.8.8.8

@@ -59,6 +60,12 @@ files:
     mode:    "0755"
     owner:   "leah"
     group:   "nginx"
+  /etc/nginx/passwd/music.ctu.cx:
+    state:   "file"
+    content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/music.ctu.cx returnall=true')}}"
+    mode:    "0600"
+    owner:   "nginx"
+    group:   "nginx"
 
 services:
   openssh:

@@ -97,22 +104,76 @@ services:
       photos.ctu.cx:
         renewTasks:
           - sudo rc-service nginx restart
+      music.ctu.cx:
+        renewTasks:
+          - sudo rc-service nginx restart
 
   nginx:
     enable: true
+    enableXSLTFilter: true
     user: nginx
     group: nginx
     sslOnly: true
+    extraConfig: "
+      server {
+              server_name webmusic.local;
+              listen 81;
+
+              access_log off;
+
+              allow 127.0.0.1;
+              deny all;
+
+              root /var/lib/websites/music.ctu.cx;
+
+              location / {
+                      autoindex on;
+                      autoindex_exact_size off;
+
+                      autoindex_format xml;
+                      xslt_string_param domain $http_domain;
+                      xslt_string_param path $uri;
+                      xslt_stylesheet /usr/share/webapps/webmusic-nginx/webmusic-playlist.xslt;
+              }
+      }
+    "
     vhosts:
       taurus.ctu.cx:
         defaultServer: true
         ssl:
-          enabled: true
+          enable: true
           cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain"
           privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey"
         locations:
           - path: /node-exporter
-            proxy: http://127.0.0.1:9100
+            proxy: http://127.0.0.1:9100/metrics
+      music.ctu.cx:
+        root: /var/lib/websites/music.ctu.cx
+        ssl:
+          enable: true
+          cert: "/var/lib/acme-redirect/live/music.ctu.cx/fullchain"
+          privkey: "/var/lib/acme-redirect/live/music.ctu.cx/privkey"
+        locations:
+          - path: "~ ^(.*/)$"
+            directoryListing: true
+            extraConfig: "
+              auth_basic 'Auth required';
+              auth_basic_user_file /etc/nginx/passwd/music.ctu.cx;
+
+              autoindex_format xml;
+              xslt_string_param path $uri;
+              xslt_stylesheet /usr/share/webapps/webmusic-nginx/webmusic.xslt;
+            "
+          - path: "~(.*)playlist.m3u$"
+            extraConfig: "
+              set $url http://127.0.0.1:81$1;
+              proxy_pass $url;
+              proxy_set_header Domain $scheme://$host;
+              proxy_hide_header 'Content-Type';
+              add_header 'Content-Type' 'text/plain';
+            "
+          - path: /assets/
+            extraConfig: "alias /usr/share/webapps/webmusic-nginx/;"
 
   syncthing:
     enable: true