[nginx] Load global and local nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-17 20:29:12 +01:00 · 2021-02-17 20:29:12 +01:00 · a9897ec3c0
parent ec262bd5c1
commit a9897ec3c0
4 changed files with 11 additions and 15 deletions
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@ -1,5 +1,9 @@
 ---
 glob_nginx:
+  ssl:
+    cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+    cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+    trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  servers:
    server_name:
      - "default"
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@ -8,20 +8,10 @@
      default_url: "https://lists.crans.org/"
      default_host: "lists.crans.org"
      default_language: "fr"
-      auth_basic: |
-        "On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.";
-      custom_logo: "crans_icon_dark.svg"
-      custom_logo_name: "crans.svg"
-      custom_logo_url: "https://www.crans.org/"
-      custom_logo_alt: "CRANS"
    spamassassin: "SpamAssassin_crans"
    smtphost: "smtp.adm.crans.org"
    mynetworks: ['138.231.0.0/16', '185.230.76.0/22', '2a0c:700:0::/40']
-    nginx:
-      ssl:
-        cert: /etc/letsencrypt/live/crans.org/fullchain.pem
-        cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
-        trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
  roles:
    - mailman
    - nginx
--- a/plays/mirror.yml
+++ b/plays/mirror.yml
@ -71,6 +71,8 @@
        cron_time: "00 5"
        rsync_host: cdimage.ubuntu.com
        rsync_path: cdimage/ubuntu-mate/releases
+
+    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
  roles:
    - ftpsync
    - rsync-mirror
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -21,7 +21,7 @@
    dest: /etc/letsencrypt/dhparam

 - name: Copy reverse proxy sites
-  when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0
+  when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
  template:
    src: "nginx/sites-available/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
@ -32,7 +32,7 @@
  notify: Reload nginx

 - name: Activate reverse proxy sites
-  when: nginx.reverseproxy_sites|length + nginx.redirect_sites|length > 0
+  when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
  file:
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
@ -45,14 +45,14 @@
  ignore_errors: "{{ ansible_check_mode }}"

 - name: Copy service nginx configuration
-  when: nginx.servers|length > 0
+  when: nginx.servers is defined and nginx.servers|length > 0
  template:
    src: "nginx/sites-available/service.j2"
    dest: "/etc/nginx/sites-available/service"
  notify: Reload nginx

 - name: Activate local nginx service site
-  when: nginx.servers|length > 0
+  when: nginx.servers|bool
  file:
    src: "/etc/nginx/sites-available/service"
    dest: "/etc/nginx/sites-enabled/service"