[nginx/mailman] Fix configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-02-22 23:23:18 +01:00 committed by ynerant
parent 28a6fd4be6
commit 6d35dcd7e8
7 changed files with 41 additions and 8 deletions


@ -18,21 +18,21 @@ loc_nginx:
- filter: "/error/" - filter: "/error/"
params: params:
- "internal" - "internal"
- "alias /var/www/html" - "alias /var/www/html/"
- filter: "/create" - filter: "/create"
params: params:
- "default_type text/html" - "default_type text/html"
- "alias /etc/mailman/create.txt" - "alias /etc/mailman/create.html"
- filter: "~ ^/$" - filter: "~ ^/$"
params: params:
- "return 302 https://lists.crans.org/listinfo" - "return 302 https://lists.crans.org/listinfo"
- filter: "/" - filter: "/"
params: params:
- "include \"/etc/nginx/snippets/fastcgi.conf\"" - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
- filter: "~ ^/listinfo" - filter: "~ ^/listinfo"
params: params:
- "satisfy any" - "satisfy any"
- "include \"/etc/nginx/snippets/fastcgi.conf\"" - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
- "allow 185.230.76.0/22" - "allow 185.230.76.0/22"
- "allow 2a0c:700:0::/40" - "allow 2a0c:700:0::/40"
- "deny all" - "deny all"
@ -42,7 +42,7 @@ loc_nginx:
- filter: "~ ^/admin" - filter: "~ ^/admin"
params: params:
- "satisfy any" - "satisfy any"
- "include \"/etc/nginx/snippets/fastcgi.conf\"" - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
- "allow 185.230.76.0/22" - "allow 185.230.76.0/22"
- "allow 2a0c:700:0::/40" - "allow 2a0c:700:0::/40"
- "deny all" - "deny all"
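Review bot: The `/create` entry pairs a prefix match with an `alias` to a single file, so, assuming `filter` is rendered verbatim as the nginx `location` argument, every URI that merely begins with `/create` is mapped to `/etc/mailman/create.html` followed by the rest of the URI. An exact match, `- filter: "= /create"`, would confine the location to that one page. The `/error/` entry now has a trailing slash on both the filter and the alias, which is the form that keeps the alias mapping inside the directory. The `loc_nginx` list starts outside these hunks, so the ordering and rendering of the entries cannot be checked from here.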


@ -33,3 +33,11 @@ to_backup:
secrets_file: "/etc/rsyncd.secrets", secrets_file: "/etc/rsyncd.secrets",
hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"], hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"],
} }
loc_certbot:
- dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "*.crans.org"
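Review bot: `domains: "*.crans.org"` makes this host request a wildcard certificate, so the private key covering every `*.crans.org` name would be stored on a machine that serves the mailman CGI. If these variables apply only to the mailman host (the file name is not shown on the page), a certificate limited to the name it serves, e.g. `domains: "lists.crans.org"`, keeps a compromise of this host from affecting other services. The TSIG secret is taken from the vault, which is right; it is still worth confirming that the key named by `dns_rfc2136_name` is only allowed to update the ACME challenge records. `dns_rfc2136_name: certbot_challenge.` would also be safer quoted, since a plain scalar ending in a dot is easy to misread.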

1
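--- a/hosts
+++ b/hosts
@@ -26,6 +26,7 @@ sputnik.adm.crans.org
 [certbot:children]
 dovecot
 git
+mailman
 radius # We use certbot to manage LE certificates
 reverseproxy
 thelounge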


@ -19,6 +19,14 @@
- create.html - create.html
notify: Reload mailman notify: Reload mailman
- name: Deploy mailman snippet
template:
src: "nginx/snippets/fastcgi-mailman.conf.j2"
dest: "/etc/nginx/snippets/fastcgi-mailman.conf"
owner: root
group: root
mode: 0644
# Fanciness # Fanciness
- name: Deploy custom logo - name: Deploy custom logo
copy: copy:
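Review bot: The new `Deploy mailman snippet` task has no `notify`, so a later change to `fastcgi-mailman.conf` is written to disk while nginx keeps running with the old snippet until something else reloads it. Add a `notify:` entry pointing at the handler that reloads nginx (its name is defined outside this hunk). `mode: 0644` works because the unquoted value is read as octal, but `mode: "0644"` avoids depending on the YAML parser's integer rules. The following `Deploy custom logo` task continues outside the hunk.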


@ -0,0 +1,18 @@
{{ ansible_header | comment }}
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info (^/[^/]*)(.*)$;
# check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
# Let NGINX handle errors
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
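Review bot: The comment above `try_files` still says "PHP script", but this snippet passes requests to fcgiwrap, which with the stock `fastcgi.conf` executes the file named by `$document_root$fastcgi_script_name`; reword it to `# check that the CGI program exists under the document root before passing it to fcgiwrap`. Because `fastcgi_split_path_info (^/[^/]*)(.*)$` takes the first path segment as the program name, any executable directly under the server's `root` becomes reachable through a location that includes this file. The `root` used with the snippet is not visible here and should be the mailman CGI directory and nothing broader. A one-line header comment stating that requirement would help anyone who includes the snippet elsewhere.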


@ -1,4 +1,4 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
{% for user, hash in nginx.auth_passwd.items() -%} {% for user, hash in nginx.auth_passwd.items() -%}
{{ user }}: {{ hash }} {{ user }}:{{ hash }}
{% endfor -%} {% endfor -%}


@ -1,4 +1,2 @@
{{ ansible_header | comment }}
User-agent: * User-agent: *
Disallow: / Disallow: /