+ fix install tmux plugin check

+ nginx master proxy dummy things

#861m7vaer Шаблон операционной системы на Debian 10

debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name domain;
+    client_max_body_size 0;
+    location / {
+        proxy_pass http://lxc_host;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}

debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example

@@ -0,0 +1,20 @@
+server {
+    listen 80;
+    server_name domain;
+    ignore_invalid_headers off;
+    client_max_body_size 0;
+    proxy_buffering off;
+    location / {
+        proxy_pass http://lxc_host:9000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        chunked_transfer_encoding off;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}

debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example

@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name domain;
+    location / {
+        proxy_pass https://lxc_host;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}

debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example

@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    server_name domain;
+    location / {
+        proxy_pass http://lxc_host:8080;
+        access_log off;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        client_max_body_size 60m;
+        proxy_http_version 1.1;
+    }
+    location /api/eventSourceBus {
+        proxy_pass http://lxc_host:8080;
+        access_log off;
+        proxy_cache off;
+        proxy_buffering off;
+        proxy_read_timeout 86400s;
+        proxy_send_timeout 86400s;
+        proxy_set_header Connection '';
+        chunked_transfer_encoding off;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}

debops/nginx-master-proxy.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Manage master nginx proxy
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    nginx_acme: True
+    nginx_real_ip_from: ['172.16.30.0/24']
+    nginx_default_keepalive_timeout: 65
+    nginx_ocsp: False
+    nginx_worker_processes: auto
+
+  pre_tasks:
+    - name: Copy Nginx Master Proxy config examples
+      copy:
+        src: etc/nginx-master-proxy/conf.d
+        dest: /etc/nginx/
+        mode: 0644
+
+  roles:
+    - role: nginx
+      tags: [ 'role::nginx', 'skip::nginx' ]

debops/root_account.yml

@@ -17,7 +17,7 @@
 
   post_tasks:
     - name: Tmux Plugins Manager
-      shell: git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm && ~/.tmux/plugins/tpm/bin/install_plugins
+      shell: test -d ~/.tmux/plugins/tpm || git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm && ~/.tmux/plugins/tpm/bin/install_plugins
 
   roles:
     - role: root_account

group_vars/all.yml

@@ -3,6 +3,7 @@
 ansible_user: root
 remote_user: root
 
+keyring__keyserver: hkp://keyserver.ubuntu.com:80
 # Add further variables which apply to all servers to this file...
 
 ...

nginx-site.yml

@@ -1,13 +1,17 @@
 ---
+- import_playbook: playbooks/own/allow-releaseinfo-change.yml
+- import_playbook: playbooks/own/locales.yml
 - import_playbook: debops/tzdata.yml
 - import_playbook: debops/pki.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+- import_playbook: debops/sudo.yml
+- import_playbook: debops/system_users.yml
 - import_playbook: debops/mariadb.yml
 - import_playbook: debops/php-prod.yml
 - import_playbook: debops/nginx.yml
 - import_playbook: debops/nodejs.yml
 - import_playbook: debops/redis.yml
-- import_playbook: debops/users.yml
-- import_playbook: debops/sudo.yml
 - import_playbook: playbooks/own/var-www-set-ownerships.yml
 
 # Import all other group playbooks in this file...