From 8a39c6f06236dcf0ca3fe687262c8e3297965548 Mon Sep 17 00:00:00 2001
From: Paul ALNET
Date: Tue, 26 Dec 2023 18:04:12 +0100
Subject: [PATCH] feat(wg-admin): add nginx config
---
 .../tasks/setup_nginx_proxy.yml | 13 +++++++++++
 .../conf.d/matrix-admin-wireguard.conf.j2 | 23 +++++++++++++++++++
 .../systemd/matrix-nginx-proxy.service.j2 | 3 +++
 3 files changed, 39 insertions(+)
 create mode 100644 roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-admin-wireguard.conf.j2
diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 338ada2fb..9ba085695 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -61,6 +61,19 @@
 state: absent
 when: "not matrix_nginx_proxy_proxy_synapse_enabled | bool"

+- name: Ensure Matrix nginx-admin-wireguard configuration for matrix-admin-wireguard exists
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/nginx/conf.d/matrix-admin-wireguard.conf.j2"
+ dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-admin-wireguard.conf"
+ mode: 0644
+ when: matrix_admin_wireguard_enabled | bool
+
+- name: Ensure Matrix nginx-admin-wireguard configuration for matrix-admin-wireguard deleted
+ ansible.builtin.file:
+ path: "{{ matrix_nginx_proxy_confd_path }}/matrix-admin-wireguard.conf"
+ state: absent
+ when: "not matrix_admin_wireguard_enabled | bool"
+
 - name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists
 ansible.builtin.template:
 src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2"
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-admin-wireguard.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-admin-wireguard.conf.j2
new file mode 100644
index 000000000..3455b9bbb
--- /dev/null
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-admin-wireguard.conf.j2
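Review bot: Both new tasks in the `setup_nginx_proxy.yml` hunk are gated on `matrix_admin_wireguard_enabled`, but none of the three files in this patch gives that variable a default, so unless it is defined elsewhere the `when:` conditions will fail on an undefined variable for every host that has not opted in. A role default of `matrix_admin_wireguard_enabled: false` would keep the admin listener off unless someone turns it on deliberately. The task names read "nginx-admin-wireguard configuration", while the neighbouring tasks say "nginx-proxy configuration for …", so `Ensure Matrix nginx-proxy configuration for matrix-admin-wireguard exists` would match the file. Writing the mode as `mode: "0644"` avoids depending on how the YAML loader reads a leading-zero integer.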
@@ -0,0 +1,23 @@
+{% if matrix_admin_wireguard_enabled %}
+server {
+
+ listen 8090;
+ root /dev/null;
+ gzip on;
+ gzip_types text/plain application/json;
+
+ location ~ ^/(.*) {
+ resolver 127.0.0.11 valid=5s;
+ set $backend "matrix-nginx-proxy:12080";
+ proxy_pass http://$backend;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+
+ client_body_buffer_size 25M;
+ client_max_body_size 50M;
+ proxy_max_temp_file_size 0;
+ }
+}
+{% endif %}
diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
index f302c92e0..f00c5b57c 100755
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -29,6 +29,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 {% if matrix_nginx_proxy_container_http_host_bind_port %}
 -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
 {% endif %}
+ {% if matrix_admin_wireguard_enabled %}
+ -p {{ matrix_admin_wireguard_ip }}:{{ matrix_admin_wireguard_port }}:8090 \
+ {% endif %}
 {% if matrix_nginx_proxy_https_enabled and matrix_nginx_proxy_container_https_host_bind_port %}
 -p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \
 {% endif %}
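Review bot: In the new `matrix-admin-wireguard.conf.j2`, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` passes on whatever value the client sent, and `$proxy_add_x_forwarded_for` appends to a client-supplied list, so the backend at `matrix-nginx-proxy:12080` receives client-controlled proxy headers from anyone who can reach port 8090. If no trusted proxy sits in front of this listener, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $remote_addr;` are the safer forms. The `server` block has no access control of its own, so a comment above `listen 8090;` should say that exposure is limited only by the `-p` binding in the service template. `location /` would do the same job as `location ~ ^/(.*)`, since the capture is never used.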
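Review bot: In `matrix-nginx-proxy.service.j2` the added `-p` line is emitted whenever `matrix_admin_wireguard_enabled` is truthy, without checking that `matrix_admin_wireguard_ip` and `matrix_admin_wireguard_port` are set. An empty IP would render `-p :PORT:8090`, which Docker most likely treats as a bind on all interfaces, publishing the admin listener beyond the WireGuard address. Following the HTTPS condition just below it, `{% if matrix_admin_wireguard_enabled and matrix_admin_wireguard_ip and matrix_admin_wireguard_port %}` would fail closed. Binding to one specific address also means container creation will probably fail if that address is not yet configured when the unit starts, so the unit may need ordering after the WireGuard interface; the `[Unit]` section is outside this hunk. The new lines also appear to be indented where the surrounding `{% if %}` lines are not.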