From 680a6757b37e33046da68c54084bb2adb87b7d88 Mon Sep 17 00:00:00 2001
From: Bastian de Byl <bastian@bdebyl.net>
Date: Fri, 1 Oct 2021 21:17:18 -0400
Subject: [PATCH] CU-1hwjcnt Added home.bdebyl.net.conf for nginx (redirect
 external traffic)

---
 ansible/roles/http/defaults/main.yml            |  1 +
 ansible/roles/http/files/nginx/nginx.conf       |  3 +++
 ansible/roles/http/tasks/http.yml               |  3 ++-
 .../nginx/sites/home.bdebyl.net.conf.j2         | 17 +++++++++++++++++
 4 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2

diff --git a/ansible/roles/http/defaults/main.yml b/ansible/roles/http/defaults/main.yml
index d44d3f3..eba3a34 100644
--- a/ansible/roles/http/defaults/main.yml
+++ b/ansible/roles/http/defaults/main.yml
@@ -6,6 +6,7 @@ deps: [
 ]
 
 ci_server_name: ci.bdebyl.net
+home_server_name: home.bdebyl.net
 install_path: /usr/share
 
 nginx_path: /etc/nginx
diff --git a/ansible/roles/http/files/nginx/nginx.conf b/ansible/roles/http/files/nginx/nginx.conf
index 8076812..fff4796 100644
--- a/ansible/roles/http/files/nginx/nginx.conf
+++ b/ansible/roles/http/files/nginx/nginx.conf
@@ -28,6 +28,9 @@ http {
 
   gzip on;
   gzip_disable "mise6";
+  gzip_min_length 1000;
+  gzip_proxied    expired no-cache no-store private auth;
+  gzip_types      text/plain application/xml application/json application/javascript application/octet-stream text/css;
 
   # client_body_buffer_size     1k;
   # client_header_buffer_size   1k;
diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml
index 580d4b6..a357025 100644
--- a/ansible/roles/http/tasks/http.yml
+++ b/ansible/roles/http/tasks/http.yml
@@ -13,7 +13,7 @@
   file:
     path: "/etc/nginx/{{ item }}"
     state: directory
-    mode: 0644
+    mode: 0755
   loop:
     - sites-enabled
     - sites-available
@@ -36,6 +36,7 @@
     mode: 0644
   loop:
     - "{{ ci_server_name }}.http.conf"
+    - "{{ home_server_name }}.conf"
   notify: restart_nginx
   tags: http
 
diff --git a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2
new file mode 100644
index 0000000..f63d2f5
--- /dev/null
+++ b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2
@@ -0,0 +1,17 @@
+geo $whitelisted {
+  default 0;
+  192.168.1.1/24 1;
+}
+
+server {
+  listen 80;
+  listen 443 ssl;
+  server_name {{ home_server_name }};
+  if ($whitelisted = 1) {
+    return 302 http://pi.hole;
+  }
+
+  if ($whitelisted = 0) {
+    return 302 $scheme://bdebyl.net$request_uri;
+  }
+}