Add gRPC support to nginx role

roles/nginx/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
 nginx_certificate_path: /etc/sce-certbot
-nginx_sites: []
+nginx_proxy_pass: []
+nginx_grpc_pass: []

roles/nginx/tasks/grpc-pass.yml

@@ -0,0 +1,16 @@
+---
+- name: Install nginx template
+  ansible.builtin.template:
+    src: grpc-pass.j2
+    dest: /etc/nginx/sites-available/{{ site_name }}
+    mode: "0644"
+  notify: Reload nginx
+
+- name: Activate nginx configuration
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/{{ site_name }}
+    dest: /etc/nginx/sites-enabled/{{ site_name }}
+    owner: root
+    group: root
+    state: link
+  notify: Reload nginx

roles/nginx/tasks/main.yml

@@ -24,9 +24,17 @@
     path: /etc/nginx/passwdfile
   register: htpasswdfile
 
-- name: Iterate over configured nginx sites
-  ansible.builtin.include_tasks: site.yml
-  loop: "{{ nginx_sites }}"
+- name: Iterate over configured nginx sites (proxy pass)
+  ansible.builtin.include_tasks: proxy-pass.yml
+  loop: "{{ nginx_proxy_pass }}"
+  vars:
+    site_name: "{{ item['name'] }}"
+    site_port: "{{ item['port'] }}"
+    site_cert: "{{ item['cert'] }}"
+
+- name: Iterate over configured nginx sites (grpc pass)
+  ansible.builtin.include_tasks: grpc-pass.yml
+  loop: "{{ nginx_grpc_pass }}"
   vars:
     site_name: "{{ item['name'] }}"
     site_port: "{{ item['port'] }}"

roles/nginx/tasks/proxy-pass.yml

@@ -6,7 +6,7 @@
 
 - name: Install nginx template
   ansible.builtin.template:
-    src: nginx-server.j2
+    src: proxy-pass.j2
     dest: /etc/nginx/sites-available/{{ site_name }}
     mode: "0644"
   vars:

roles/nginx/templates/grpc-pass.j2

@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name {{ site_name }};
+
+  ssl_certificate {{ nginx_certificate_path }}/{{ site_cert }}/fullchain.pem;
+  ssl_certificate_key {{ nginx_certificate_path }}/{{ site_cert }}/privkey.pem;
+
+  location / {
+    grpc_pass grpc://127.0.0.1:{{ site_port }};
+  }
+}