From a9897ec3c0b30e8a13022f6e7a44e39042a2bcd5 Mon Sep 17 00:00:00 2001 From: ynerant Date: Wed, 17 Feb 2021 20:29:12 +0100 Subject: [PATCH] [nginx] Load global and local nginx configuration Signed-off-by: Yohann D'ANELLO --- group_vars/nginx.yml | 4 ++++ plays/mailman.yml | 12 +----------- plays/mirror.yml | 2 ++ roles/nginx/tasks/main.yml | 8 ++++---- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml index 8591ff32..00383aea 100644 --- a/group_vars/nginx.yml +++ b/group_vars/nginx.yml @@ -1,5 +1,9 @@ --- glob_nginx: + ssl: + cert: /etc/letsencrypt/live/crans.org/fullchain.pem + cert_key: /etc/letsencrypt/live/crans.org/privkey.pem + trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem servers: server_name: - "default" diff --git a/plays/mailman.yml b/plays/mailman.yml index 17aa53da..a0a2a60f 100755 --- a/plays/mailman.yml +++ b/plays/mailman.yml @@ -8,20 +8,10 @@ default_url: "https://lists.crans.org/" default_host: "lists.crans.org" default_language: "fr" - auth_basic: | - "On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam."; - custom_logo: "crans_icon_dark.svg" - custom_logo_name: "crans.svg" - custom_logo_url: "https://www.crans.org/" - custom_logo_alt: "CRANS" spamassassin: "SpamAssassin_crans" smtphost: "smtp.adm.crans.org" mynetworks: ['138.231.0.0/16', '185.230.76.0/22', '2a0c:700:0::/40'] - nginx: - ssl: - cert: /etc/letsencrypt/live/crans.org/fullchain.pem - cert_key: /etc/letsencrypt/live/crans.org/privkey.pem - trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem + nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' roles: - mailman - nginx diff --git a/plays/mirror.yml b/plays/mirror.yml index b7a1f219..4b5ba67a 100755 --- a/plays/mirror.yml +++ b/plays/mirror.yml @@ -71,6 +71,8 @@ cron_time: "00 5" rsync_host: cdimage.ubuntu.com rsync_path: cdimage/ubuntu-mate/releases + + nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}' roles: - ftpsync - rsync-mirror diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 159f5cf9..441ac4dd 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -21,7 +21,7 @@ dest: /etc/letsencrypt/dhparam - name: Copy reverse proxy sites - when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0 + when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined template: src: "nginx/sites-available/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" @@ -32,7 +32,7 @@ notify: Reload nginx - name: Activate reverse proxy sites - when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0 + when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined file: src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" @@ -45,14 +45,14 @@ ignore_errors: "{{ ansible_check_mode }}" - name: Copy service nginx configuration - when: nginx.servers|length > 0 + when: nginx.servers is defined and nginx.servers|length > 0 template: src: "nginx/sites-available/service.j2" dest: "/etc/nginx/sites-available/service" notify: Reload nginx - name: Activate local nginx service site - when: nginx.servers|length > 0 + when: nginx.servers|bool file: src: "/etc/nginx/sites-available/service" dest: "/etc/nginx/sites-enabled/service"