[nginx] Add service_nginx intermediary variable

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-24 14:38:54 +01:00 · 2021-03-24 14:38:54 +01:00 · 26e65bb7bc
parent 98263de23f
commit 26e65bb7bc
18 changed files with 53 additions and 35 deletions
--- a/group_vars/constellation-front.yml
+++ b/group_vars/constellation-front.yml
@ -1,5 +1,5 @@
 ---
-loc_nginx:
+service_nginx:
  service_name: constellation
  ssl: []
  servers:
--- a/group_vars/django_cas.yml
+++ b/group_vars/django_cas.yml
@ -16,7 +16,7 @@ glob_django_cas:
    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
    port: 25
-loc_nginx:
+service_nginx:
  service_name: "cas"
  ssl: []
  servers:
--- a/group_vars/gitlab.yml
+++ b/group_vars/gitlab.yml
@ -20,5 +20,17 @@ glob_gitlab:
    address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
    port: 25
 service_nginx:
  ssl:
    - name: adm.crans.org
      cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  servers: []
 glob_irker:
  name: GitlabBot
--- a/group_vars/jitsi.yml
+++ b/group_vars/jitsi.yml
@ -1,6 +1,6 @@
 ---
 # We use embedded Jitsi configuration
-loc_nginx:
+service_nginx:
  servers: []
 glob_jitsi:
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@ -1,9 +1,14 @@
 ---
-loc_nginx:
+service_nginx:
  service_name: mailman3
  upstreams:
    - name: mailman3
      server: "unix:/run/mailman3-web/uwsgi.sock fail_timeout=0"
  default_server: lists.crans.org
  default_ssl_server: lists.crans.org
  auth_passwd:
    Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"
  deploy_robots_file: true
  servers:
    - ssl: false
      server_name:
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@ -31,7 +31,7 @@ glob_roundcube:
    larry: https://www.crans.org/images/crans_banner.png
    classic: https://www.crans.org/images/crans_banner.png
-loc_nginx:
+service_nginx:
  service_name: "roundcube"
  ssl: []
  servers:
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@ -24,3 +24,24 @@ glob_thelounge:
    filter: "(objectclass=inetOrgPerson)"
    base: "dc=crans,dc=org"
    scope: "sub"
 service_nginx:
  service_name: "thelounge"
  servers:
    - server_name:
        - "irc.crans.org"
        - "irc"
      default: true
      ssl: crans.org
      locations:
        - filter: "^~ /web/"
          params:
            - "proxy_pass http://localhost:9000/"
            - "include \"/etc/nginx/snippets/options-proxypass.conf\""
        - filter: "~ ^/$"
          params:
            - "return 302 https://irc.crans.org/web/"
        - filter: "/"
          params:
            - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
--- a/group_vars/wiki.yml
+++ b/group_vars/wiki.yml
@ -2,7 +2,7 @@
 glob_moinmoin:
  main: false
-loc_nginx:
+service_nginx:
  service_name: wiki
  ssl: []
  servers:
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@ -3,26 +3,6 @@ interfaces:
  adm: ens18
  srv: ens19
 loc_nginx:
  service_name: "thelounge"
  servers:
    - server_name:
        - "irc.crans.org"
        - "irc"
      default: true
      ssl: crans.org
      locations:
        - filter: "^~ /web/"
          params:
            - "proxy_pass http://localhost:9000/"
            - "include \"/etc/nginx/snippets/options-proxypass.conf\""
        - filter: "~ ^/$"
          params:
            - "return 302 https://irc.crans.org/web/"
        - filter: "/"
          params:
            - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""
 loc_thelounge:
  public: "true"
--- a/plays/cas.yml
+++ b/plays/cas.yml
@ -5,7 +5,7 @@
 - hosts: django_cas
  vars:
    django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}"
-    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
  roles:
    - django-cas
    - nginx
--- a/plays/constellation.yml
+++ b/plays/constellation.yml
@ -9,7 +9,7 @@
 - hosts: constellation-front
  vars:
    constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}"
-    nginx: "{{ glob_nginx | combine(loc_nginx | default({})) }}"
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
  roles:
    - nginx
    - constellation-front
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@ -15,7 +15,7 @@
    gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
    irker: '{{ glob_irker | default({}) | combine(loc_irker | default({})) }}'
    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
  roles:
    - certbot
--- a/plays/irc.yml
+++ b/plays/irc.yml
@ -9,7 +9,7 @@
 - hosts: thelounge,!adh_server
  vars:
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
  roles:
    - certbot
    - nginx
--- a/plays/jitsi.yml
+++ b/plays/jitsi.yml
@ -3,7 +3,7 @@
 - hosts: jitsi
  vars:
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
    jitsi: '{{ glob_jitsi | default({}) | combine(loc_jitsi | default({})) }}'
  roles:
    - certbot
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@ -5,7 +5,7 @@
  vars:
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
    mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
    opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
  roles:
    - certbot
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@ -10,7 +10,7 @@
 - hosts: wiki
  vars:
    moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
  roles:
    - moinmoin
    - nginx
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@ -3,7 +3,7 @@
 - hosts: reverseproxy
  vars:
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
    reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
  roles:
    - certbot
--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@ -3,7 +3,7 @@
 - hosts: roundcube
  vars:
-    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}'
    roundcube: '{{ glob_roundcube | default({}) | combine(loc_roundcube | default({})) }}'
  roles:
    - roundcube