commit e83a9abddfa85ef4e0ac1cac129f79f57271a3ba
Author: olli
Date: Sun Jul 10 10:51:15 2022 +0200
first commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/webmin.yml b/webmin.yml
new file mode 100644
index 0000000..4a8744b
--- /dev/null
+++ b/webmin.yml
@@ -0,0 +1,131 @@
+- name: Webmin setup
+ hosts: tor-nas.dedyn.io
+ tasks:
+
+ - name: Add webmin Apt signing key
+ ansible.builtin.apt_key:
+ url: https://download.webmin.com/jcameron-key.asc
+ state: present
+
+ - name: Add webmin repository
+ ansible.builtin.apt_repository:
+ repo: deb https://download.webmin.com/download/repository sarge contrib
+ state: present
+ filename: webmin
+
+ - name: Install webmin
+ apt:
+ name:
+ - libauthen-oath-perl
+ - webmin
+ update_cache: no
+ install_recommends: no
+
+ - name: /etc/webmin/miniserv.conf ssl
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/miniserv.conf
+ regexp: '^ssl\=1$'
+ line: 'ssl=0'
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/miniserv.conf redirect_host
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/miniserv.conf
+ regexp: '^redirect_host\=.*$'
+ line: "redirect_host=webmin.{{inventory_hostname}}"
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/miniserv.conf redirect_port
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/miniserv.conf
+ regexp: '^redirect_port\=.*$'
+ line: "redirect_port=443"
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/miniserv.conf redirect_port
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/miniserv.conf
+ regexp: '^redirect_ssl\=.*$'
+ line: "redirect_ssl=1"
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/miniserv.conf trust_real_ip
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/miniserv.conf
+ line: "trust_real_ip=1"
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/config referers
+ ansible.builtin.lineinfile:
+ path: /etc/webmin/config
+ regexp: '^referers='
+ line: "referers=webmin.{{inventory_hostname}}"
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: /etc/webmin/rootpwfromadm.sh
+ blockinfile:
+ path: /etc/webmin/rootpwfromadm.sh
+ create: yes
+ mode: 0400
+ owner: root
+ group: root
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ grep ^tor-nasadm: /etc/shadow >/etc/webmin/miniserv.users
+ sed -i "s/^{{ ansible_facts['hostname'] }}adm/root/" /etc/webmin/miniserv.users
+ echo done >/etc/webmin/rootpwfromadm.sh.done
+ backup: yes
+ notify:
+ - Restart webmin
+
+ - name: Set initial Webin-internal-Root Passwort from admin User
+ ansible.builtin.shell: bash /etc/webmin/rootpwfromadm.sh
+ args:
+ chdir: /home/docker/nextcloud.{{inventory_hostname}}
+ creates: /etc/webmin/rootpwfromadm.sh.done
+
+ - name: /home/docker/traefik/providers/webmin.yml Webmin<->Traefik provider
+ blockinfile:
+ path: /home/docker/traefik/providers/webmin.yml
+ create: yes
+ mode: 0444
+ owner: root
+ group: docker
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ http:
+ routers:
+ webmin:
+ rule: "Host(`webmin.{{inventory_hostname}}`)"
+ service: webmin
+ entryPoints:
+ - "https"
+ tls:
+ certresolver:
+ - "letsencrypt"
+ middlewares: secHeaders@file
+ services:
+ webmin:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.41.1:10000"
+
+ handlers:
+
+ - name: Restart webmin
+ service:
+ name: webmin
+ state: restarted
+
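Review bot: The `ssl=0` and `trust_real_ip=1` tasks leave miniserv speaking cleartext HTTP and trusting a proxy-supplied client address, yet no task restricts who can reach port 10000, so the setup is only safe if Traefik is the sole peer. A client that connects to the port directly bypasses TLS and the `secHeaders@file` middleware, and the client address it reports would be taken at face value by Webmin. Add a `lineinfile` task in the same style as the others with `regexp: '^bind='` and `line: 'bind=192.168.41.1'` (assuming that is the host-side address Traefik connects to, as the provider URL suggests), and limit the port to the proxy in the host firewall. Separately, in the `rootpwfromadm.sh` block the `grep` hard-codes `tor-nasadm` while the `sed` uses `ansible_facts['hostname']`. If the two ever differ, `>` still truncates `miniserv.users` and no `root` entry is written, so use the same expression in both lines.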