From d6f15d421000955dcfe0c8ed7653085e65d88725 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Mon, 22 Feb 2021 19:11:47 +0100 Subject: [PATCH] [nginx/cas] Factorize nginx configuration Signed-off-by: Yohann D'ANELLO --- group_vars/django_cas.yml | 37 ++++++++++++++----- hosts | 1 + plays/cas.yml | 2 + roles/django-cas/handlers/main.yml | 5 --- roles/django-cas/tasks/main.yml | 15 -------- .../templates/nginx/sites-available/cas.j2 | 26 ------------- roles/roundcube/handlers/main.yml | 5 --- 7 files changed, 30 insertions(+), 61 deletions(-) delete mode 100644 roles/django-cas/templates/nginx/sites-available/cas.j2 delete mode 100644 roles/roundcube/handlers/main.yml diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml index ffed7ace..a576a8c7 100644 --- a/group_vars/django_cas.yml +++ b/group_vars/django_cas.yml @@ -2,13 +2,6 @@ glob_django_cas: repo: 'http://gitlab.adm.crans.org/nounous/django-cas.git' path: '/var/local/django-cas' - url: - - cas.crans.org - - cas.adm.crans.org - - login.crans.org - - login.adm.crans.org - - auth.crans.org - - auth.adm.crans.org ldap: dn: 'cn=Utilisateurs,dc=crans,dc=org' password: "{{ vault.cas_ldap_password }}" @@ -18,6 +11,30 @@ glob_django_cas: host: tealc.adm.crans.org password: "{{ vault.cas_database_password }}" secret_key: "{{ vault.cas_secret_key }}" - reverse_proxy: - - '10.231.136.0/24' - - '2a0c:700:0:2::/64' + +loc_nginx: + service_name: "cas" + ssl: [] + servers: + - server_name: + - cas.crans.org + - cas.adm.crans.org + - login.crans.org + - login.adm.crans.org + - auth.crans.org + - auth.adm.crans.org + default: true + locations: + - filter: "/cas" + params: + - "rewrite ^/cas$ / redirect" + - "rewrite ^/cas/(.*)$ /$1 redirect" + + - filter: "/static" + params: + - "alias /var/local/django-cas/cas/local_static" + + - filter: "/" + params: + - "uwsgi_pass unix:///var/run/uwsgi/app/cas/socket" + - "include uwsgi_params" diff --git a/hosts b/hosts index a6380b61..a42cb4f7 100644 --- a/hosts 
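Review bot: The new `loc_nginx` block carries over the server names and the three locations, but nothing in it replaces the real-IP handling this commit removes. `reverse_proxy` is dropped from `glob_django_cas`, and the deleted `cas.j2` was its only visible consumer, emitting `set_real_ip_from 10.231.136.0/24;`, `set_real_ip_from 2a0c:700:0:2::/64;` and `real_ip_header P-Real-Ip;`. Unless the shared nginx role adds these itself (not visible in this patch), the CAS application will record the reverse proxy's address as the client for every login, which weakens audit logs and any per-IP throttling. Either confirm the role restores the client address for this group, or carry the two subnets over into the nginx variables. `ssl: []` together with the old port-80-only listener suggests TLS is terminated upstream; a one-line comment saying so next to `ssl: []` would keep it from reading as an oversight on an authentication host.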
+++ b/hosts @@ -88,6 +88,7 @@ monitoring.adm.crans.org charybde.adm.crans.org [nginx:children] +django_cas mailman reverseproxy roundcube diff --git a/plays/cas.yml b/plays/cas.yml index a55a8ab1..634f03e4 100755 --- a/plays/cas.yml +++ b/plays/cas.yml @@ -5,5 +5,7 @@ - hosts: django_cas vars: django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}" + nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}" roles: - django-cas + - nginx diff --git a/roles/django-cas/handlers/main.yml b/roles/django-cas/handlers/main.yml index fe8fbf15..ba46876d 100644 --- a/roles/django-cas/handlers/main.yml +++ b/roles/django-cas/handlers/main.yml @@ -1,9 +1,4 @@ --- -- name: Restart nginx - service: - name: nginx - state: restarted - - name: Restart uwsgi service: name: uwsgi diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml index 3b40472c..cc854db1 100644 --- a/roles/django-cas/tasks/main.yml +++ b/roles/django-cas/tasks/main.yml @@ -3,7 +3,6 @@ apt: update_cache: true name: - - nginx - uwsgi - uwsgi-plugin-python3 - python3-django @@ -30,20 +29,6 @@ owner: www-data notify: Restart uwsgi -- name: Configure NGINX site - template: - src: nginx/sites-available/cas.j2 - dest: /etc/nginx/sites-available/cas - mode: 0644 - notify: Restart nginx - -- name: Enable nginx site - file: - src: /etc/nginx/sites-available/cas - dest: /etc/nginx/sites-enabled/cas - state: link - notify: Restart nginx - - name: Configure UWSGI app template: src: uwsgi/apps-available/cas.ini.j2 diff --git a/roles/django-cas/templates/nginx/sites-available/cas.j2 b/roles/django-cas/templates/nginx/sites-available/cas.j2 deleted file mode 100644 index 2372ae92..00000000 --- a/roles/django-cas/templates/nginx/sites-available/cas.j2 +++ /dev/null 
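Review bot: The added `nginx:` variable in `plays/cas.yml` uses `combine` without `recursive=true`, so the merge is shallow: each top-level key in `loc_nginx` (`service_name`, `ssl`, `servers`) replaces the `glob_nginx` value wholesale instead of extending it. With `ssl: []` set in `group_vars/django_cas.yml`, any TLS defaults a `glob_nginx` might define are discarded for this group, presumably on purpose. A comment such as `# shallow merge: loc_nginx keys override glob_nginx entirely` above the line would make that explicit. Separately, the tasks that wrote `/etc/nginx/sites-available/cas` and linked it into `sites-enabled` are removed in this patch, and nothing visible cleans those files up on already-deployed hosts. The old vhost may therefore stay enabled alongside the one the nginx role generates.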
@@ -1,26 +0,0 @@ -{{ ansible_header | comment }} - -server { - server_name {{ django_cas.url | join(' ') }}; - listen 80; - listen [::]:80; - - location /cas { - rewrite ^/cas$ / redirect; - rewrite ^/cas/(.*)$ /$1 redirect; - } - - location /static { - alias {{ django_cas.path }}/cas/local_static; - } - -{% for ip in django_cas.reverse_proxy | default([]) %} - set_real_ip_from {{ ip }}; -{% endfor %} - real_ip_header P-Real-Ip; - - location / { - uwsgi_pass unix:///var/run/uwsgi/app/cas/socket; - include uwsgi_params; - } -} diff --git a/roles/roundcube/handlers/main.yml b/roles/roundcube/handlers/main.yml deleted file mode 100644 index 2e593d34..00000000 --- a/roles/roundcube/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart nginx - service: - name: nginx - state: restarted