+ Reverse proxy with nginx for internally hosted services

playbooks/alpha/nginx/main.yml

@@ -0,0 +1,46 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+  become: yes
+  tasks:
+    - name: Install Nginx
+      apt:
+        name: nginx
+        update_cache: yes
+        state: present
+
+    - name: Update Snap
+      community.general.snap:
+        name: core
+        state: present
+
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Searx Config
+      copy:
+        src: search.project-athens.xyz
+        dest: /etc/nginx/sites-available
+
+    - name: Enable Site in Nginx
+      file: 
+        src: /etc/nginx/sites-available/search.project-athens.xyz
+        dest: /etc/nginx/sites-enabled/search.project-athens.xyz
+        state: link
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - search.project-athens.xyz