From d55543402e0156c64a785886c2167817bac0a27d Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Wed, 27 Oct 2021 09:57:56 +0200
Subject: [PATCH] zamok-tools: remove dark magic

---
 roles/zamok-tools/tasks/main.yml              | 11 +++-----
 .../templates/apache2/clubs-vhosts.map.j2     |  5 ----
 .../sites-available/000-perso-vhosts.conf.j2  | 25 -------------------
 .../{001-perso.conf.j2 => 000-perso.conf.j2}  | 10 ++------
 4 files changed, 5 insertions(+), 46 deletions(-)
 delete mode 100644 roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
 delete mode 100644 roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
 rename roles/zamok-tools/templates/apache2/sites-available/{001-perso.conf.j2 => 000-perso.conf.j2} (68%)

diff --git a/roles/zamok-tools/tasks/main.yml b/roles/zamok-tools/tasks/main.yml
index 0c99d6af..0d8ee37a 100644
--- a/roles/zamok-tools/tasks/main.yml
+++ b/roles/zamok-tools/tasks/main.yml
@@ -90,23 +90,18 @@
     group: root
     mode: 0644
   loop:
-    - "clubs-vhosts.map"
     - "ports.conf"
-    - "sites-available/000-perso-vhosts.conf"
-    - "sites-available/001-perso.conf"
+    - "sites-available/000-perso.conf"
   notify: Reload apache
 
 - name: Enable apache sites
   file:
-    src: "/etc/apache2/sites-available/{{ item }}"
-    dest: "/etc/apache2/sites-enabled/{{ item }}"
+    src: /etc/apache2/sites-available/000-perso.conf
+    dest: /etc/apache2/sites-enabled/000-perso.conf
     owner: root
     group: root
     state: link
     force: true
-  loop:
-    - "000-perso-vhosts.conf"
-    - "001-perso.conf"
   notify: Reload apache
 
 - name: Add PAM rule to use namespaces to have separate temporary directories
diff --git a/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2 b/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
deleted file mode 100644
index 04d15716..00000000
--- a/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-{{ ansible_header | comment }}
-
-{% for host in adh.apache.club_vhosts -%}
-{{ host.from }} {{ host.to }}
-{% endfor -%}
diff --git a/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2 b/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
deleted file mode 100644
index 1105143f..00000000
--- a/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-# Configuration des vhosts personnalises
-# Ce fichier doit etre le premier dans sites-enabled
-
-<VirtualHost *:80>
-    # Le nom du serveur est determine a partir de la requete HTTP
-    UseCanonicalName Off
-
-    # Logs
-    LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
-    CustomLog /var/log/apache2/perso-vhosts.log vcommon
-
-    # On charge le fichier mappant les vhosts clubs
-    # puis on rewrite si seulement s'il y a un match
-    RewriteEngine On
-    RewriteMap clubs-vhost txt:/etc/apache2/clubs-vhosts.map
-    RewriteCond ${clubs-vhost:%{SERVER_NAME}} ^(.+)$
-    RewriteRule ^/(.*)$ /home/%1/$1 [last]
-
-    # Override defaults in /etc/apache2/mods-enabled/userdir.conf
-    # to add Indexes control in .htaccess and README
-    <Directory /home/*/www>
-        AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
-        ReadmeName /mentionslegales.html
-    </Directory>
-</VirtualHost>
diff --git a/roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2 b/roles/zamok-tools/templates/apache2/sites-available/000-perso.conf.j2
similarity index 68%
rename from roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2
rename to roles/zamok-tools/templates/apache2/sites-available/000-perso.conf.j2
index 27774369..1c00d864 100644
--- a/roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2
+++ b/roles/zamok-tools/templates/apache2/sites-available/000-perso.conf.j2
@@ -9,14 +9,6 @@
     RewriteRule ^/$ https://wiki.crans.org/PagesPerso [last,redirect]
     RewriteRule ^/~(.*)$ https://perso.crans.org/$1 [last,redirect]
 
-    # On aime la magie noire ici.
-    # Plus sÃ©rieusement, on aime beaucoup mod_userdir, mais on ne veut
-    # pas insÃ©rer un '~' avant le pseudo. Donc on rÃ©Ã©crit l'URL.
-    # Toute personne qui tente de rÃ©Ã©crire mod_userdir Ã  coup de RewriteRule
-    # s'aventure dans un monde chaotique, et PHP ne tournera plus en tant
-    # que chaque utilisateur menant Ã  des fuites de donnÃ©es.
-    RewriteRule ^/users/(.*)$ /~$1 [last,passthrough]
-
     # Si Ã§a match un utilisateur, on sert sa page personnelle
     RewriteRule ^/([^~/]+)/(.*)$ /home/$1/www/$2 [last]
     RewriteRule ^/([^~/]+)$ /home/$1/www/ [last]
@@ -29,6 +21,8 @@
     # to add Indexes control in .htaccess and README
     <Directory /home/*/www>
         AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
+        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+        Require method GET POST OPTIONS
         ReadmeName /mentionslegales.html
     </Directory>
 </VirtualHost>
-- 
GitLab