change blog role to static

add security.txt

roles/static/files/security.txt

@@ -0,0 +1 @@
+testje

roles/static/meta/main.yml

@@ -0,0 +1,4 @@
+dependencies:
+  - role: common
+  - role: docker
+  - role: traefik

roles/static/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: Create service directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Clone git repo
+  git:
+    repo: "{{ git_origin }}"
+    dest: "{{ service_dir }}/git"
+  register: repo
+- name: Add open permissions for git repo
+  file:
+    path: "{{ service_dir }}/git"
+    state: directory
+    mode: 0757
+- name: Generate static files
+  command:
+    cmd: "docker run --rm --volume=\"{{ service_dir }}/git:/srv/jekyll:Z\" -it jekyll/minimal jekyll build"
+    chdir: "{{ service_dir }}"
+  when: repo.changed
+- name: Copy security.txt
+  copy:
+    src: "{{ role_path }}/files/security.txt"
+    dest: "{{ service_dir }}/security.txt"
+- name: Copy docker compose file
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Copy nginx config
+  template:
+    src: "{{ role_path }}/templates/nginx.conf.j2"
+    dest: "{{ service_dir }}/nginx.conf"
+  register: nginx_conf
+- name: Start docker compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
+    restarted: "{{ nginx_conf.changed }}"

roles/static/templates/docker-compose.yml.j2

@@ -0,0 +1,26 @@
+version: "3.8"
+
+services:
+  blog:
+    image: nginx
+    container_name: blog
+    restart: always
+    volumes:
+      - {{ service_dir }}/git/templates:/etc/nginx/templates
+      - {{ service_dir }}/git/_site:/var/www/blog
+      - {{ service_dir }}/nginx.conf:/etc/nginx/conf.d/default.conf
+      - {{ service_dir }}/security.txt:/var/www/blog/security.txt
+    networks:
+      - traefik
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.blog.entrypoints=websecure
+      - "traefik.http.routers.blog.rule=(Host(`{{ domain_name_pim }}`) || Path(`/security.txt`, `/.well-known/security.txt`))"
+      - traefik.http.routers.blog.tls=true
+      - traefik.http.routers.blog.tls.certresolver=letsencrypt
+      - traefik.http.routers.blog.service=blog
+      - traefik.http.services.blog.loadbalancer.server.port=80
+
+networks:
+  traefik:
+    external: true

roles/static/templates/nginx.conf.j2

@@ -0,0 +1,48 @@
+server {
+	listen 80 default_server;
+
+	location /security.txt {
+		return 301 https://$host/.well-known/security.txt;
+	}
+
+	location /.well-known/security.txt {
+		add_header Content-Type 'text/plain';
+		add_header Cache-Control 'no-cache, no-store, must-revalidate';
+		add_header Pragma 'no-cache';
+		add_header Expires '0';
+		add_header Vary '*';
+		return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n";
+	}
+}
+
+server {
+	listen 80;
+	server_name {{ domain_name_pim }};
+	index index.html index.htm;
+	root /var/www/blog;
+
+	location /security.txt {
+		return 301 https://$host/.well-known/security.txt;
+	}
+
+	location /.well-known/security.txt {
+		add_header Content-Type 'text/plain';
+		add_header Cache-Control 'no-cache, no-store, must-revalidate';
+		add_header Pragma 'no-cache';
+		add_header Expires '0';
+		add_header Vary '*';
+		return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n";
+	}
+
+	location / {
+	    try_files $uri $uri/ /index.html;
+	}
+
+	location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+	    expires 30d;
+	    add_header Pragma public;
+	    add_header Cache-Control "public";
+	}
+
+	error_page 404 /404.html;
+}

roles/static/vars/main.yml

@@ -0,0 +1,3 @@
+service_name: static
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+git_origin: https://git.pim.kunis.nl/pim/static.git