Remove nginx role

roles/nginx/defaults/main.yml

@@ -1,9 +0,0 @@
----
-nginx_access_log: "off"
-nginx_ciphers: "ECDH+aRSA+CHACHA20:ECDH+aRSA+AESGCM"
-nginx_curves: "X25519:secp521r1:secp384r1"
-nginx_error_log: "/dev/null error"
-nginx_packages: [nginx]
-nginx_tls_versions: TLSv1.2 TLSv1.3
-nginx_worker_connections: 512
-nginx_worker_processes: auto

roles/nginx/files/error-pages/502.html

@@ -1,10 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>502 Bad Gateway</title>
-  <link rel="stylesheet" href="/_error-pages/style.css">
-</head>
-<body>
-  <img src="/_error-pages/bad_gateway.png" alt="Bad Gateway Sign" class="singleton">
-</body>

roles/nginx/files/error-pages/style.css

@@ -1,4 +0,0 @@
-img.singleton {
-  display: block;
-  margin: 10px auto;
-}

roles/nginx/files/openssl.cnf

@@ -1,10 +0,0 @@
-openssl_conf = default_conf
-
-[default_conf]
-ssl_conf = ssl_sect
-
-[ssl_sect]
-system_default = system_default_sect
-
-[system_default_sect]
-Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256

roles/nginx/files/snippets/autoindex.conf

@@ -1,3 +0,0 @@
-autoindex on;
-autoindex_exact_size on;
-autoindex_localtime off;

roles/nginx/files/snippets/error-pages.conf

@@ -1,5 +0,0 @@
-error_page 502 /_error-pages/502.html;
-
-location ^~ /_error-pages {
-    root /var/www;
-}

roles/nginx/files/snippets/header-hsts.conf

@@ -1,4 +0,0 @@
-add_header Expect-CT "max-age=86400, enforce" always;
-add_header Strict-Transport-Security "max-age=31536000" always;
-proxy_hide_header Expect-CT;
-proxy_hide_header Strict-Transport-Security;

roles/nginx/files/snippets/header-security.conf

@@ -1,8 +0,0 @@
-add_header Referrer-Policy same-origin always;
-add_header X-Content-Type-Options nosniff always;
-add_header X-Frame-Options sameorigin always;
-add_header X-XSS-Protection "1; mode=block" always;
-proxy_hide_header Referrer-Policy;
-proxy_hide_header X-Content-Type-Options;
-proxy_hide_header X-Frame-Options;
-proxy_hide_header X-XSS-Protection;

roles/nginx/files/snippets/location-acme-srv01.conf

@@ -1,6 +0,0 @@
-location ^~ /.well-known/acme-challenge {
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
-    access_log off;
-}

roles/nginx/files/snippets/location-acme.conf

@@ -1,5 +0,0 @@
-location ^~ /.well-known/acme-challenge {
-    root /var/www/_acme-challenge;
-    try_files $uri $uri/ =404;
-    access_log off;
-}

roles/nginx/files/snippets/no-unsafe-files.conf

@@ -1,8 +0,0 @@
-disable_symlinks if_not_owner from=$document_root;
-
-# Do not serve dotfiles.
-location ~ /\. {
-    deny all;
-    access_log off;
-    log_not_found off;
-}

roles/nginx/handlers/main.yml

@@ -1,10 +0,0 @@
----
-- name: reload nginx
-  service:
-    name: nginx
-    state: reloaded
-
-- name: restart nginx
-  service:
-    name: nginx
-    state: restarted

roles/nginx/tasks/main.yml

@@ -1,43 +0,0 @@
----
-- name: install nginx
-  apt:
-    name: "{{ nginx_packages }}"
-    cache_valid_time: 86400
-
-- name: create directories
-  file:
-    path: "{{ item }}"
-    state: directory
-  with_items:
-    - /var/www/_acme-challenge
-    - /var/www/_error-pages
-
-- name: copy error-pages
-  copy:
-    src: error-pages/
-    dest: /var/www/_error-pages/
-
-- name: copy snippets
-  copy:
-    src: snippets
-    dest: /etc/nginx/
-
-- name: copy openssl.cnf
-  copy:
-    src: openssl.cnf
-    dest: /etc/ssl/
-    backup: yes
-  notify: restart nginx
-
-- name: template nginx.conf
-  template:
-    src: nginx.conf
-    dest: /etc/nginx/
-    backup: yes
-  notify: reload nginx
-
-- name: remove default site
-  file:
-    path: /etc/nginx/sites-enabled/default
-    state: absent
-  notify: reload nginx

roles/nginx/templates/nginx.conf

@@ -1,76 +0,0 @@
-user www-data;
-worker_processes {{ nginx_worker_processes }};
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-    worker_connections {{ nginx_worker_connections }};
-    # multi_accept on;
-}
-
-http {
-
-    ##
-    # Basic Settings
-    ##
-
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    types_hash_max_size 2048;
-    server_tokens off;
-{% if nginx_resolver is defined %}
-    resolver {{ nginx_resolver }};
-{% endif %}
-
-    # server_names_hash_bucket_size 64;
-    # server_name_in_redirect off;
-
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    ##
-    # SSL Settings
-    ##
-
-    ssl_protocols {{ nginx_tls_versions }};
-    ssl_ciphers {{ nginx_ciphers }};
-    ssl_ecdh_curve {{ nginx_curves }};
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10M;
-    ssl_session_timeout 10m;
-    ssl_session_tickets off;
-{% if nginx_resolver is defined %}
-    ssl_stapling on;
-    ssl_stapling_verify on;
-{% endif %}
-
-    ##
-    # Logging Settings
-    ##
-
-    log_format privacy '$server_name:$server_port 127.0.0.1 - - [$time_local] "$request" $status $body_bytes_sent';
-    access_log {{ nginx_access_log }};
-    error_log {{ nginx_error_log }};
-
-    ##
-    # Gzip Settings
-    ##
-
-    gzip on;
-
-    # gzip_vary on;
-    # gzip_proxied any;
-    # gzip_comp_level 6;
-    # gzip_buffers 16 8k;
-    # gzip_http_version 1.1;
-    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-    ##
-    # Virtual Host Configs
-    ##
-
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*;
-}