diff --git a/group_vars/constellation-front.yml b/group_vars/constellation-front.yml
index e621e946bb09d8cfecb2d17777911bf8f89c371a..8ebc68ecf019b73e84d748590866e47701798320 100644
--- a/group_vars/constellation-front.yml
+++ b/group_vars/constellation-front.yml
@@ -1,5 +1,5 @@
---
-loc_nginx:
+service_nginx:
service_name: constellation
ssl: []
servers:
diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml
index d7556ebbd89355f25d50f55b5e287644dbe28f96..6103e8fa410487e6fd971224ef9d39b3826bb7a0 100644
--- a/group_vars/django_cas.yml
+++ b/group_vars/django_cas.yml
@@ -16,7 +16,7 @@ glob_django_cas:
host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
port: 25
-loc_nginx:
+service_nginx:
service_name: "cas"
ssl: []
servers:
diff --git a/group_vars/gitlab.yml b/group_vars/gitlab.yml
index 7311a58597ea09173bbaf664360def3a12b1fd65..41df6c93d9311475f08d66a20e12c39e515d81b4 100644
--- a/group_vars/gitlab.yml
+++ b/group_vars/gitlab.yml
@@ -20,5 +20,17 @@ glob_gitlab:
address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
port: 25
+service_nginx:
+ ssl:
+ - name: adm.crans.org
+ cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
+ - name: crans.org
+ cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+ servers: []
+
glob_irker:
name: GitlabBot
diff --git a/group_vars/jitsi.yml b/group_vars/jitsi.yml
index 7a9a38ad47147f24120b945d86b58e413f8e25d3..4d31c00d143a7250935e8006b5a0559435869038 100644
--- a/group_vars/jitsi.yml
+++ b/group_vars/jitsi.yml
@@ -1,6 +1,6 @@
---
# We use embedded Jitsi configuration
-loc_nginx:
+service_nginx:
servers: []
glob_jitsi:
diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index e65ec8ee6e4ef7d9ce44b7ab7a6671c878dc1bf9..228879f4d6275529729816378ebe7f9f253beefe 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -1,9 +1,14 @@
---
-loc_nginx:
+service_nginx:
service_name: mailman3
upstreams:
- name: mailman3
server: "unix:/run/mailman3-web/uwsgi.sock fail_timeout=0"
+ default_server: lists.crans.org
+ default_ssl_server: lists.crans.org
+ auth_passwd:
+ Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"
+ deploy_robots_file: true
servers:
- ssl: false
server_name:
diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml
index b2743bfd51191b74fbf3c3e3a759edc346ec582e..9ea42e3eb6d027582025457453790846e9922a5a 100644
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@@ -31,7 +31,7 @@ glob_roundcube:
larry: https://www.crans.org/images/crans_banner.png
classic: https://www.crans.org/images/crans_banner.png
-loc_nginx:
+service_nginx:
service_name: "roundcube"
ssl: []
servers:
diff --git a/group_vars/thelounge.yml b/group_vars/thelounge.yml
index fee11393d59d0edd521d0b12d91d6b21245ffee9..721b03da064cda9a41ffa6798555978887728228 100644
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@@ -24,3 +24,24 @@ glob_thelounge:
filter: "(objectclass=inetOrgPerson)"
base: "dc=crans,dc=org"
scope: "sub"
+
+service_nginx:
+ service_name: "thelounge"
+ servers:
+ - server_name:
+ - "irc.crans.org"
+ - "irc"
+ default: true
+ ssl: crans.org
+ locations:
+ - filter: "^~ /web/"
+ params:
+ - "proxy_pass http://localhost:9000/"
+ - "include \"/etc/nginx/snippets/options-proxypass.conf\""
+ - filter: "~ ^/$"
+ params:
+ - "return 302 https://irc.crans.org/web/"
+ - filter: "/"
+ params:
+ - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
+
diff --git a/group_vars/wiki.yml b/group_vars/wiki.yml
index 07e455230cfa5f1e8ce672a5154924176b560015..c351222ff9aca3653726b9534af5c466ec6f0b19 100644
--- a/group_vars/wiki.yml
+++ b/group_vars/wiki.yml
@@ -2,7 +2,7 @@
glob_moinmoin:
main: false
-loc_nginx:
+service_nginx:
service_name: wiki
ssl: []
servers:
diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index 5ac2331e204323be125fac3fb518db797e3c5e3e..079b8f88ae19647ce19af9628084b6b767d3bd7a 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -3,26 +3,6 @@ interfaces:
adm: ens18
srv: ens19
-loc_nginx:
- service_name: "thelounge"
- servers:
- - server_name:
- - "irc.crans.org"
- - "irc"
- default: true
- ssl: crans.org
- locations:
- - filter: "^~ /web/"
- params:
- - "proxy_pass http://localhost:9000/"
- - "include \"/etc/nginx/snippets/options-proxypass.conf\""
- - filter: "~ ^/$"
- params:
- - "return 302 https://irc.crans.org/web/"
- - filter: "/"
- params:
- - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
-
loc_thelounge:
public: "true"
diff --git a/plays/cas.yml b/plays/cas.yml
index 634f03e4f4b2284fb6c1ea46823941e7845ef5c4..c96359a3e7896c922250f7c9670ba87b4986cbc3 100755
--- a/plays/cas.yml
+++ b/plays/cas.yml
@@ -5,7 +5,7 @@
- hosts: django_cas
vars:
django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}"
- nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
roles:
- django-cas
- nginx
diff --git a/plays/constellation.yml b/plays/constellation.yml
index 3a1d5fede82def81b79be7f5cb2154b4925c4fbb..a2cd33e0272c5cfc10059859bd3180e6ff634576 100755
--- a/plays/constellation.yml
+++ b/plays/constellation.yml
@@ -9,7 +9,7 @@
- hosts: constellation-front
vars:
constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}"
- nginx: "{{ glob_nginx | combine(loc_nginx | default({})) }}"
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
roles:
- nginx
- constellation-front
diff --git a/plays/gitlab.yml b/plays/gitlab.yml
index f1cbc36a65663e62d6fa46a140cf76158fbd1daa..ad80bf7cecd57b7b771c720ade36ad53052d9b42 100755
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@@ -15,7 +15,7 @@
gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
irker: '{{ glob_irker | default({}) | combine(loc_irker | default({})) }}'
mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
roles:
- certbot
diff --git a/plays/irc.yml b/plays/irc.yml
index b0c12a8631d1bf9a9e9368b5dc0089ca29cadd9e..5cb047827ca93336d3e08b334e4913d3e09c876d 100755
--- a/plays/irc.yml
+++ b/plays/irc.yml
@@ -9,7 +9,7 @@
- hosts: thelounge,!adh_server
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
roles:
- certbot
- nginx
diff --git a/plays/jitsi.yml b/plays/jitsi.yml
index ee86ee5dbea99f8c97da29eec364d7529d4121db..a223750c92b26376a20cc409dcbd116a10b3fea8 100755
--- a/plays/jitsi.yml
+++ b/plays/jitsi.yml
@@ -3,7 +3,7 @@
- hosts: jitsi
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
jitsi: '{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}'
roles:
- certbot
diff --git a/plays/mailman.yml b/plays/mailman.yml
index cd80ad80ccf2e953a68f778888cbbf6b465c6971..760e60ed05237f58156149852dd7eb0434438647 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@@ -5,7 +5,7 @@
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
roles:
- certbot
diff --git a/plays/moinmoin.yml b/plays/moinmoin.yml
index 35207855f2aa8048a14445b27a68c26e3d595130..7874729becc51bd2859ac748faff192dc6d4c12e 100755
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@@ -10,7 +10,7 @@
- hosts: wiki
vars:
moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
roles:
- moinmoin
- nginx
diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml
index 3b03f0a9f2cb56b963aad38f15d51d55a6504e30..0767797d8fccec52525d02bd10594ddf948867f4 100755
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@@ -3,7 +3,7 @@
- hosts: reverseproxy
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
roles:
- certbot
diff --git a/plays/roundcube.yml b/plays/roundcube.yml
index c57e892026bde30e596178384c3081772e977d47..e8faf799d3a553114382586fde56b25fab4b9eb4 100755
--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@@ -3,7 +3,7 @@
- hosts: roundcube
vars:
- nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
roundcube: '{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}'
roles:
- roundcube