add bitwarden nginx config

3 files changed, 33 insertions, 0 deletions

diff --git a/modules/tozt/files/nginx/bitwarden-tls.conf b/modules/tozt/files/nginx/bitwarden-tls.conf
new file mode 100644
index 0000000..1345416
--- /dev/null
+++ b/modules/tozt/files/nginx/bitwarden-tls.conf
@@ -0,0 +1,14 @@
+server {
+    listen       443;
+    server_name  bitwarden.tozt.net;
+
+    access_log  /var/log/nginx/bitwarden.access.log;
+    error_log   /var/log/nginx/bitwarden.error.log;
+
+    include ssl;
+
+    location / {
+        proxy_pass http://127.0.0.1:8080/;
+    }
+}
+# vim:ft=nginx
diff --git a/modules/tozt/files/nginx/bitwarden.conf b/modules/tozt/files/nginx/bitwarden.conf
new file mode 100644
index 0000000..b827af0
--- /dev/null
+++ b/modules/tozt/files/nginx/bitwarden.conf
@@ -0,0 +1,10 @@
+server {
+    listen       80;
+    server_name  bitwarden.tozt.net;
+
+    access_log   /var/log/nginx/bitwarden.access.log;
+    error_log    /var/log/nginx/bitwarden.error.log;
+
+    rewrite      ^(.*) https://$host$1 permanent;
+}
+# vim:ft=nginx
diff --git a/modules/tozt/manifests/bitwarden.pp b/modules/tozt/manifests/bitwarden.pp
index b44d2da..0e6beda 100644
--- a/modules/tozt/manifests/bitwarden.pp
+++ b/modules/tozt/manifests/bitwarden.pp
@@ -1,7 +1,16 @@
 class tozt::bitwarden {
+  include tozt::certbot
   include tozt::persistent
 
   class { "bitwarden::server":
     data_dir => "/media/persistent/bitwarden";
   }
+
+  nginx::site {
+    "bitwarden-tls":
+      source => 'puppet:///modules/tozt/nginx/bitwarden-tls.conf',
+      require => Class['certbot'];
+    "bitwarden":
+      source => 'puppet:///modules/tozt/nginx/bitwarden.conf';
+  }
 }