✨ (linkstack): Added a new role linkstack

main.yml

@@ -117,6 +117,9 @@
     - role: monitoring
       tags: monitoring
 
+    - role: linkstack
+      tags: linkstack
+
     - role: vitalk.secure-ssh
       tags: ssh
       ssh_user: "{{ ansible_ssh_user }}"

roles/linkstack/files/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3.8"
+
+services:
+  linkstack:
+    image: linkstackorg/linkstack
+    container_name: linkstack
+    hostname: linkstack
+    env_file: .env
+    ports:
+      - "127.0.0.1:8880:80"
+    restart: unless-stopped
+    volumes:
+      - linkstack:/htdocs
+
+volumes:
+  linkstack:

roles/linkstack/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Include service role
+  ansible.builtin.include_role:
+    name: "service"
+  vars:
+    service_name: "linkstack"
+    service_fqdn: "links.{{ domain }}"
+    service_nginx_port: "8880"
+    service_certbot: true
+    service_nginx: false
+    service_tor: false
+    service_docker_compose: false
+    service_systemd_service: false
+
+- name: Copy LinkStack environment file
+  ansible.builtin.template:
+    src: ".env.j2"
+    dest: "{{ base_dir }}/linkstack/.env"
+    mode: "0640"

roles/linkstack/templates/.env.j2

@@ -0,0 +1,3 @@
+HTTP_SERVER_NAME: "links.{{ domain }}"
+HTTPS_SERVER_NAME: "links.{{ domain }}"
+SERVER_ADMIN: "{{ mailer_from }}"

roles/linkstack/templates/nginx.j2

@@ -0,0 +1,22 @@
+server {
+  include listen-443;
+  server_name {{ server_name }};
+
+  include ssl_params;
+  ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem;
+
+  include header_params;
+
+  location / {
+    include proxy_params;
+
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $host;
+
+    # Fixes Mixed Content errors.
+    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+
+    proxy_pass http://localhost:{{ server_port }}/;
+  }
+}