Cransible mailman nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

Cransible mailman nginx configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
244e1c28 · ynerant · 84fb96ea · 244e1c28 · 244e1c28 · 244e1c28
Commit 244e1c28 authored 4 years ago by ynerant
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
+---
+loc_nginx:
+  default_server: lists.crans.org
+  default_ssl_server: lists.crans.org
+  servers:
+    - server_name:
+      - lists.crans.org
+      ssl: true
+      root: "/usr/lib/cgi-bin/mailman/"
+      index:
+        - index.htm
+        - index.html
+      locations:
+        - filter: "/error/"
+          params:
+            - "internal"
+            - "alias /var/www"
+        - filter: "/create"
+          params:
+            - "default_type text/html"
+            - "alias /etc/mailman/create.txt"
+        - filter: "~ ^/$"
+          params:
+            - "return 302 https://lists.crans.org/listinfo"
+        - filter: "~ ^/admin"
+          params:
+            - "satisfy any"
+            - "include \"/etc/nginx/snippets/fastcgi.conf\""
+            - "allow 185.230.76.0/22"
+            - "allow 2a0c:700:0::/40"
+            - "deny all"
+            - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
+            - "auth_basic_user_file /etc/nginx/passwd"
+            - "error_page 401 /error/custom_401.html"
+        - filter: "~ ^/admin"
+          params:
+            - "satisfy any"
+            - "include \"/etc/nginx/snippets/fastcgi.conf\""
+            - "allow 185.230.76.0/22"
+            - "allow 2a0c:700:0::/40"
+            - "deny all"
+            - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
+            - "auth_basic_user_file /etc/nginx/passwd"
+            - "error_page 401 /error/custom_401.html"
+        - filter: "/images/mailman"
+          params:
+            - "alias /usr/share/images/mailman"
+        - filter: "/robots.txt"
+          params:
+            - "alias /var/www/robots.txt"
+        - filter: "/archives"
+          params:
+            - "alias /var/lib/mailman/archives/public"
+            - "autoindex on"
--- a/hosts
+++ b/hosts
@@ -77,6 +77,9 @@ sputnik.adm.crans.org
 [linx]
 linx.adm.crans.org

+[mailman]
+redisdead.adm.crans.org
+
 [monitoring]
 monitoring.adm.crans.org


--- a/roles/nginx/templates/nginx/sites-available/service.j2
+++ b/roles/nginx/templates/nginx/sites-available/service.j2
@@ -14,32 +14,32 @@ server {
    listen [::]:443 default_server ssl;
    include "/etc/nginx/snippets/options-ssl.conf";

-    server_name {{ ngix.default_ssl_host }};
+    server_name {{ ngix.default_ssl_server }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

    location / {
-        return 302 https://{{ nginx.default_ssl_host }}$request_uri;
+        return 302 https://{{ nginx.default_ssl_server }}$request_uri;
    }
 }
 {% endif -%}

-{% if nginx.default_host -%}
+{% if nginx.default_server -%}
 # Redirect all services to the main site
 server {
    listen 80 default_server;
    listen [::]:80 default_server;

-    server_name {{ nginx.default_host }};
+    server_name {{ nginx.default_server }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

    location / {
-        return 302 http://{{ nginx.default_host }}$request_uri;
+        return 302 http://{{ nginx.default_server }}$request_uri;
    }
 }
 {% endif -%}
@@ -83,7 +83,7 @@ server {
    root {{ server.root }};
    {% endif -%}
    {% if server.index -%}
-    index {{ server.index }};
+    index {{ server.index|join:" " }};
    {% endif -%}

    {% if server.access_log -%}
@@ -95,7 +95,9 @@ server {

    {% for location in server.locations -%}
    location {{ location.filter }} {
-        {{ location.params|join:"\n        "|unsafe }}
+        {% for param in params -%}
+        {{ param }};
+        {% endfor -%}
    }
    {% endfor -%}
 }