From 3fceaeb8367863c6fcf9a298f696fb61e71d8775 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Sat, 2 Jan 2021 16:56:01 +0100
Subject: [PATCH] [nginx] allow setting credentials to a nginx server

---
 group_vars/mailman.yml                | 2 ++
 roles/nginx-mailman/tasks/main.yml    | 6 ------
 roles/nginx/tasks/main.yml            | 6 ++++++
 roles/nginx/templates/nginx/passwd.j2 | 4 ++++
 4 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 roles/nginx/templates/nginx/passwd.j2

diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index ee9fc899..ce6c454e 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -2,6 +2,8 @@
 loc_nginx:
   default_server: lists.crans.org
   default_ssl_server: lists.crans.org
+  auth_passwd:
+    Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"
   servers:
     - server_name:
       - lists.crans.org
diff --git a/roles/nginx-mailman/tasks/main.yml b/roles/nginx-mailman/tasks/main.yml
index 2e4cef6e..f74b3f0f 100644
--- a/roles/nginx-mailman/tasks/main.yml
+++ b/roles/nginx-mailman/tasks/main.yml
@@ -4,14 +4,8 @@
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   loop:
-    - src: nginx/sites-available/mailman.j2
-      dest: /etc/nginx/sites-available/mailman
-    - src: nginx/mailman_passwd.j2
-      dest: /etc/nginx/mailman_passwd
     - src: nginx/snippets/fastcgi-mailman.conf.j2
       dest: /etc/nginx/snippets/fastcgi-mailman.conf
-    - src: nginx/snippets/options-ssl.conf.j2
-      dest: /etc/nginx/snippets/options-ssl.conf
     - src: var/www/robots.txt.j2
       dest: /var/www/robots.txt
     - src: var/www/custom_401.html.j2
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 3d80b8ba..61b69322 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -70,3 +70,9 @@
     src: update-motd.d/05-service.j2
     dest: /etc/update-motd.d/05-nginx
     mode: 0755
+
+- name: Install passwords
+  template:
+    src: nginx/passwd.j2
+    dest: /etc/nginx/passwd
+    mode: 0644
diff --git a/roles/nginx/templates/nginx/passwd.j2 b/roles/nginx/templates/nginx/passwd.j2
new file mode 100644
index 00000000..ea58b2da
--- /dev/null
+++ b/roles/nginx/templates/nginx/passwd.j2
@@ -0,0 +1,4 @@
+{{ ansible_header | comment }}
+{% for user, hash in nginx.auth_passwd -%}
+{{ user }}: {{ hash }}
+{% endfor -%}
-- 
GitLab