From 46bdda437d13d949deeb3dca84febdd6ed6bf8cf Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 3 Sep 2020 20:24:57 +0000
Subject: [PATCH] Add nginx to ns group

Used to authenticate certficates from letsencrypt.
---
 group_vars/ns.yml                | 2 ++
 host_vars/atl01.vultr.foo.sh.yml | 1 +
 playbooks/ns.yml                 | 4 ++++
 3 files changed, 7 insertions(+)

diff --git a/group_vars/ns.yml b/group_vars/ns.yml
index fbe167c..6700dff 100644
--- a/group_vars/ns.yml
+++ b/group_vars/ns.yml
@@ -3,6 +3,8 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22, 81.175.130.44/32]}
   - {proto: tcp, port: 53}
   - {proto: udp, port: 53}
+  - {proto: tcp, port: 80}
+  - {proto: tcp, port: 443}
 #  - {proto: tcp, port: 853}
 
 ifstated_config: ifstated-ns.conf
diff --git a/host_vars/atl01.vultr.foo.sh.yml b/host_vars/atl01.vultr.foo.sh.yml
index 9047861..af4e516 100644
--- a/host_vars/atl01.vultr.foo.sh.yml
+++ b/host_vars/atl01.vultr.foo.sh.yml
@@ -1,2 +1,3 @@
 ---
 network_carp_interfaces: []
+nsd_server: ns2.foo.sh
diff --git a/playbooks/ns.yml b/playbooks/ns.yml
index e5b7ecc..6041536 100644
--- a/playbooks/ns.yml
+++ b/playbooks/ns.yml
@@ -12,5 +12,9 @@
   roles:
     - base
     - nsd
+    - role: nginx/server
+    - role: nginx/site
+      site: "{{ nsd_server }}"
+      redirect: https://www.foo.sh/
     - role: ifstated
       when: "'vultr' not in group_names"