diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml new file mode 100644 index 00000000..ee9fc899 --- /dev/null +++ b/group_vars/mailman.yml @@ -0,0 +1,54 @@ +--- +loc_nginx: + default_server: lists.crans.org + default_ssl_server: lists.crans.org + servers: + - server_name: + - lists.crans.org + ssl: true + root: "/usr/lib/cgi-bin/mailman/" + index: + - index.htm + - index.html + locations: + - filter: "/error/" + params: + - "internal" + - "alias /var/www" + - filter: "/create" + params: + - "default_type text/html" + - "alias /etc/mailman/create.txt" + - filter: "~ ^/$" + params: + - "return 302 https://lists.crans.org/listinfo" + - filter: "~ ^/admin" + params: + - "satisfy any" + - "include \"/etc/nginx/snippets/fastcgi.conf\"" + - "allow 185.230.76.0/22" + - "allow 2a0c:700:0::/40" + - "deny all" + - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\"" + - "auth_basic_user_file /etc/nginx/passwd" + - "error_page 401 /error/custom_401.html" + - filter: "~ ^/admin" + params: + - "satisfy any" + - "include \"/etc/nginx/snippets/fastcgi.conf\"" + - "allow 185.230.76.0/22" + - "allow 2a0c:700:0::/40" + - "deny all" + - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\"" + - "auth_basic_user_file /etc/nginx/passwd" + - "error_page 401 /error/custom_401.html" + - filter: "/images/mailman" + params: + - "alias /usr/share/images/mailman" + - filter: "/robots.txt" + params: + - "alias /var/www/robots.txt" + - filter: "/archives" + params: + - "alias /var/lib/mailman/archives/public" + - "autoindex on" diff --git a/hosts b/hosts index 397f791c..92e55030 100644 --- a/hosts +++ b/hosts @@ -77,6 +77,9 @@ sputnik.adm.crans.org [linx] linx.adm.crans.org +[mailman] +redisdead.adm.crans.org + [monitoring] monitoring.adm.crans.org diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 index a7b3bacb..13569dcc 100644 --- a/roles/nginx/templates/nginx/sites-available/service.j2 +++ b/roles/nginx/templates/nginx/sites-available/service.j2 @@ -14,32 +14,32 @@ server { listen [::]:443 default_server ssl; include "/etc/nginx/snippets/options-ssl.conf"; - server_name {{ ngix.default_ssl_host }}; + server_name {{ ngix.default_ssl_server }}; charset utf-8; # Hide Nginx version server_tokens off; location / { - return 302 https://{{ nginx.default_ssl_host }}$request_uri; + return 302 https://{{ nginx.default_ssl_server }}$request_uri; } } {% endif -%} -{% if nginx.default_host -%} +{% if nginx.default_server -%} # Redirect all services to the main site server { listen 80 default_server; listen [::]:80 default_server; - server_name {{ nginx.default_host }}; + server_name {{ nginx.default_server }}; charset utf-8; # Hide Nginx version server_tokens off; location / { - return 302 http://{{ nginx.default_host }}$request_uri; + return 302 http://{{ nginx.default_server }}$request_uri; } } {% endif -%} @@ -83,7 +83,7 @@ server { root {{ server.root }}; {% endif -%} {% if server.index -%} - index {{ server.index }}; + index {{ server.index|join:" " }}; {% endif -%} {% if server.access_log -%} @@ -95,7 +95,9 @@ server { {% for location in server.locations -%} location {{ location.filter }} { - {{ location.params|join:"\n "|unsafe }} + {% for param in params -%} + {{ param }}; + {% endfor -%} } {% endfor -%} }