From 26e65bb7bc2626212559ca6c3cc8ab400053ace4 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Wed, 24 Mar 2021 14:38:54 +0100
Subject: [PATCH] [nginx] Add service_nginx intermediary variable

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 group_vars/constellation-front.yml |  2 +-
 group_vars/django_cas.yml          |  2 +-
 group_vars/gitlab.yml              | 12 ++++++++++++
 group_vars/jitsi.yml               |  2 +-
 group_vars/mailman.yml             |  7 ++++++-
 group_vars/roundcube.yml           |  2 +-
 group_vars/thelounge.yml           | 21 +++++++++++++++++++++
 group_vars/wiki.yml                |  2 +-
 host_vars/irc.adm.crans.org.yml    | 20 --------------------
 plays/cas.yml                      |  2 +-
 plays/constellation.yml            |  2 +-
 plays/gitlab.yml                   |  2 +-
 plays/irc.yml                      |  2 +-
 plays/jitsi.yml                    |  2 +-
 plays/mailman.yml                  |  2 +-
 plays/moinmoin.yml                 |  2 +-
 plays/reverse-proxy.yml            |  2 +-
 plays/roundcube.yml                |  2 +-
 18 files changed, 53 insertions(+), 35 deletions(-)

diff --git a/group_vars/constellation-front.yml b/group_vars/constellation-front.yml
index e621e946..8ebc68ec 100644
--- a/group_vars/constellation-front.yml
+++ b/group_vars/constellation-front.yml
@@ -1,5 +1,5 @@
 ---
-loc_nginx:
+service_nginx:
   service_name: constellation
   ssl: []
   servers:
diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml
index d7556ebb..6103e8fa 100644
--- a/group_vars/django_cas.yml
+++ b/group_vars/django_cas.yml
@@ -16,7 +16,7 @@ glob_django_cas:
     host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
     port: 25
 
-loc_nginx:
+service_nginx:
   service_name: "cas"
   ssl: []
   servers:
diff --git a/group_vars/gitlab.yml b/group_vars/gitlab.yml
index 7311a585..41df6c93 100644
--- a/group_vars/gitlab.yml
+++ b/group_vars/gitlab.yml
@@ -20,5 +20,17 @@ glob_gitlab:
     address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
     port: 25
 
+service_nginx:
+  ssl:
+    - name: adm.crans.org
+      cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
+      cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
+    - name: crans.org
+      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+  servers: []
+
 glob_irker:
   name: GitlabBot
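Review bot: The added `servers: []` has no comment explaining why this service declares certificates but no vhosts, unlike group_vars/jitsi.yml, which documents its empty list. The plays merge these dictionaries with a non-recursive `combine`, so this `ssl` list and the empty `servers` replace whatever `glob_nginx` provides for those keys rather than extending it. A one-line comment above `service_nginx:` would do, for example `# Only certificates are declared here; vhosts come from elsewhere`, with the wording adjusted to the real reason. The file continues outside the hunk.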
diff --git a/group_vars/jitsi.yml b/group_vars/jitsi.yml
index 7a9a38ad..4d31c00d 100644
--- a/group_vars/jitsi.yml
+++ b/group_vars/jitsi.yml
@@ -1,6 +1,6 @@
 ---
 # We use embedded Jitsi configuration
-loc_nginx:
+service_nginx:
   servers: []
 
 glob_jitsi:
diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index e65ec8ee..228879f4 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -1,9 +1,14 @@
 ---
-loc_nginx:
+service_nginx:
   service_name: mailman3
   upstreams:
     - name: mailman3
       server: "unix:/run/mailman3-web/uwsgi.sock fail_timeout=0"
+  default_server: lists.crans.org
+  default_ssl_server: lists.crans.org
+  auth_passwd:
+    Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"
+  deploy_robots_file: true
   servers:
     - ssl: false
       server_name:
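Review bot: The new `auth_passwd` entry commits an htpasswd credential hash in clear text to group_vars, so anyone with read access to the repository or its history can attempt offline guessing against it. The `$apr1$` scheme is MD5-based and cheap to test. Unless this login is deliberately public (in which case a comment saying so would help), keep the value out of the plain file and reference it instead, e.g. `Stop: "{{ vault_mailman_auth_passwd }}"`, where that name is a placeholder for an Ansible Vault variable. The password should then be rotated, since the current hash stays in git history. If the target's nginx and crypt library accept it, regenerating the entry with a stronger scheme such as bcrypt is worth considering. The `servers` list continues outside the hunk.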
diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml
index b2743bfd..9ea42e3e 100644
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@@ -31,7 +31,7 @@ glob_roundcube:
     larry: https://www.crans.org/images/crans_banner.png
     classic: https://www.crans.org/images/crans_banner.png
 
-loc_nginx:
+service_nginx:
   service_name: "roundcube"
   ssl: []
   servers:
diff --git a/group_vars/thelounge.yml b/group_vars/thelounge.yml
index fee11393..721b03da 100644
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@@ -24,3 +24,24 @@ glob_thelounge:
     filter: "(objectclass=inetOrgPerson)"
     base: "dc=crans,dc=org"
     scope: "sub"
+
+service_nginx:
+  service_name: "thelounge"
+  servers:
+    - server_name:
+        - "irc.crans.org"
+        - "irc"
+      default: true
+      ssl: crans.org
+      locations:
+        - filter: "^~ /web/"
+          params:
+            - "proxy_pass http://localhost:9000/"
+            - "include \"/etc/nginx/snippets/options-proxypass.conf\""
+        - filter: "~ ^/$"
+          params:
+            - "return 302 https://irc.crans.org/web/"
+        - filter: "/"
+          params:
+            - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
+
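Review bot: Moving this block from host_vars/irc.adm.crans.org.yml into group vars applies the vhost, including `default: true`, to every host in the `thelounge` group instead of one machine, and nothing in the file says so. A comment above `service_nginx:` such as `# Shared by all thelounge hosts; override per host with loc_nginx` would make the override path explicit. The hunk also adds an empty line at the very end of the file, which yamllint's `empty-lines` rule rejects by default, so it can be dropped.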
diff --git a/group_vars/wiki.yml b/group_vars/wiki.yml
index 07e45523..c351222f 100644
--- a/group_vars/wiki.yml
+++ b/group_vars/wiki.yml
@@ -2,7 +2,7 @@
 glob_moinmoin:
   main: false
 
-loc_nginx:
+service_nginx:
   service_name: wiki
   ssl: []
   servers:
diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index 5ac2331e..079b8f88 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -3,26 +3,6 @@ interfaces:
   adm: ens18
   srv: ens19
 
-loc_nginx:
-  service_name: "thelounge"
-  servers:
-    - server_name:
-        - "irc.crans.org"
-        - "irc"
-      default: true
-      ssl: crans.org
-      locations:
-        - filter: "^~ /web/"
-          params:
-            - "proxy_pass http://localhost:9000/"
-            - "include \"/etc/nginx/snippets/options-proxypass.conf\""
-        - filter: "~ ^/$"
-          params:
-            - "return 302 https://irc.crans.org/web/"
-        - filter: "/"
-          params:
-            - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
-
 loc_thelounge:
   public: "true"
 
diff --git a/plays/cas.yml b/plays/cas.yml
index 634f03e4..c96359a3 100755
--- a/plays/cas.yml
+++ b/plays/cas.yml
@@ -5,7 +5,7 @@
 - hosts: django_cas
   vars:
     django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}"
-    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
   roles:
     - django-cas
     - nginx
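Review bot: The nested `combine(service_nginx | default({}) | combine(loc_nginx | default({})))` is harder to read than it needs to be, since `combine` accepts several dictionaries and applies them left to right: `nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}), loc_nginx | default({})) }}'` gives the same glob < service < loc precedence. The same expression is repeated in the hunks for plays/constellation.yml, gitlab.yml, irc.yml, jitsi.yml, mailman.yml, moinmoin.yml, reverse-proxy.yml and roundcube.yml. The merge is shallow, so a `servers` or `ssl` key at a later level replaces the earlier list entirely. That deserves a short comment next to the variable, e.g. `# shallow merge: later levels replace whole keys (servers, ssl, ...)`. Because every service group uses the single name `service_nginx`, a host that belongs to two such groups would presumably get only one of the definitions, which is worth confirming against the inventory.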
diff --git a/plays/constellation.yml b/plays/constellation.yml
index 3a1d5fed..a2cd33e0 100755
--- a/plays/constellation.yml
+++ b/plays/constellation.yml
@@ -9,7 +9,7 @@
 - hosts: constellation-front
   vars:
     constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}"
-    nginx: "{{ glob_nginx | combine(loc_nginx | default({})) }}"
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
   roles:
     - nginx
     - constellation-front
diff --git a/plays/gitlab.yml b/plays/gitlab.yml
index f1cbc36a..ad80bf7c 100755
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@@ -15,7 +15,7 @@
     gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
     irker: '{{ glob_irker | default({}) | combine(loc_irker | default({})) }}'
     mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
     reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
   roles:
     - certbot
diff --git a/plays/irc.yml b/plays/irc.yml
index b0c12a86..5cb04782 100755
--- a/plays/irc.yml
+++ b/plays/irc.yml
@@ -9,7 +9,7 @@
 - hosts: thelounge,!adh_server
   vars:
     certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
   roles:
     - certbot
     - nginx
diff --git a/plays/jitsi.yml b/plays/jitsi.yml
index ee86ee5d..a223750c 100755
--- a/plays/jitsi.yml
+++ b/plays/jitsi.yml
@@ -3,7 +3,7 @@
 - hosts: jitsi
   vars:
     certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
     jitsi: '{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}'
   roles:
     - certbot
diff --git a/plays/mailman.yml b/plays/mailman.yml
index cd80ad80..760e60ed 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@@ -5,7 +5,7 @@
   vars:
     certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
     mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
     opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
   roles:
     - certbot
diff --git a/plays/moinmoin.yml b/plays/moinmoin.yml
index 35207855..7874729b 100755
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@@ -10,7 +10,7 @@
 - hosts: wiki
   vars:
     moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
   roles:
     - moinmoin
     - nginx
diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml
index 3b03f0a9..0767797d 100755
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@@ -3,7 +3,7 @@
 - hosts: reverseproxy
   vars:
     certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
     reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
   roles:
     - certbot
diff --git a/plays/roundcube.yml b/plays/roundcube.yml
index c57e8920..e8faf799 100755
--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@@ -3,7 +3,7 @@
 
 - hosts: roundcube
   vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
     roundcube: '{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}'
   roles:
     - roundcube
-- 
GitLab