From 3d02e0f4fbf5626bdfe8c6cb4493661d976fdd87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 9 Jul 2024 10:38:28 +0200 Subject: [PATCH] [mod] nginx-connector-roles:conf formatting --- roles/authelia-and-nginx/templates/conf.j2 | 4 +- roles/dokuwiki-and-nginx/templates/conf.j2 | 4 +- roles/element-and-nginx/defaults/main.json | 12 +---- roles/element-and-nginx/meta/main.json | 32 ------------ roles/element-and-nginx/templates/conf.j2 | 11 +++-- roles/element-and-nginx/vardef.json | 57 +++------------------- roles/gitlab-and-nginx/templates/conf.j2 | 4 +- roles/hedgedoc-and-nginx/templates/conf.j2 | 4 +- roles/synapse-and-nginx/templates/conf.j2 | 4 +- roles/vikunja-and-nginx/templates/conf.j2 | 4 +- 10 files changed, 25 insertions(+), 111 deletions(-) delete mode 100644 roles/element-and-nginx/meta/main.json diff --git a/roles/authelia-and-nginx/templates/conf.j2 b/roles/authelia-and-nginx/templates/conf.j2 index e6c60cc..417fb06 100644 --- a/roles/authelia-and-nginx/templates/conf.j2 +++ b/roles/authelia-and-nginx/templates/conf.j2 @@ -50,14 +50,14 @@ server { listen 80; listen [::]:80; -{% if (var_authelia_and_nginx_tls_mode == "force") %} +{% if (var_authelia_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ authelia_common() }} {% endif %} } -{% if (var_element_and_nginx_tls_mode != "disable") %} +{% if (var_element_and_nginx_tls_mode != 'disable') %} server { server_name {{var_authelia_and_nginx_domain}}; diff --git a/roles/dokuwiki-and-nginx/templates/conf.j2 b/roles/dokuwiki-and-nginx/templates/conf.j2 index da2d6d5..4cfdac5 100644 --- a/roles/dokuwiki-and-nginx/templates/conf.j2 +++ b/roles/dokuwiki-and-nginx/templates/conf.j2 
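Review bot: The second guard in this hunk, `{% if (var_element_and_nginx_tls_mode != 'disable') %}`, still tests the element role's variable inside the authelia template; it should read `{% if (var_authelia_and_nginx_tls_mode != 'disable') %}`. As written, whether the 443 server block for the Authelia domain is rendered depends on another role's setting. If the authelia mode is `enable` while the element one is `disable`, the login portal is served over plain HTTP only, and with `force` the port-80 redirect points at an HTTPS listener that was never rendered. The same leftover appears in the second guard of the dokuwiki and synapse hunks and in both guards of the hedgedoc hunk; only the element, gitlab and vikunja templates test their own variable. The server block opened by this guard continues outside the hunk.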
@@ -48,14 +48,14 @@ server { listen 80; listen [::]:80; -{% if (var_dokuwki_and_nginx_tls_mode == "force") %} +{% if (var_dokuwki_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ dokuwki_common() }} {% endif %} } -{% if (var_element_and_nginx_tls_mode != "disable") %} +{% if (var_element_and_nginx_tls_mode != 'disable') %} server { server_name {{var_dokuwki_and_nginx_domain}}; diff --git a/roles/element-and-nginx/defaults/main.json b/roles/element-and-nginx/defaults/main.json index aa43d9e..4c7e5b6 100644 --- a/roles/element-and-nginx/defaults/main.json +++ b/roles/element-and-nginx/defaults/main.json @@ -1,15 +1,5 @@ { "var_element_and_nginx_domain": "element.example.org", "var_element_and_nginx_path": "/opt/element", - "var_element_and_nginx_element_version": "v1.11.47", - "var_element_and_nginx_element_matrix_baseurl": "https://matrix.example.org", - "var_element_and_nginx_element_server_name": "example" - "var_element_and_nginx_tls_mode": "disable", - "var_element_and_nginx_tls_cert_kind": "none", - "var_element_and_nginx_tls_cert_data_existing_key_path": "/tmp/key.pem", - "var_element_and_nginx_tls_cert_data_existing_cert_path": "/tmp/cert.pem", - "var_element_and_nginx_tls_cert_data_existing_fullchain_path": "/tmp/fullchain.pem", - "var_element_and_nginx_tls_cert_data_acme_inwx_acme_account_email": "REPLACE_ME", - "var_element_and_nginx_tls_cert_data_acme_inwx_inwx_account_username": "REPLACE_ME", - "var_element_and_nginx_tls_cert_data_acme_inwx_inwx_account_password": "REPLACE_ME" + "var_element_and_nginx_tls_mode": "enable" } diff --git a/roles/element-and-nginx/meta/main.json b/roles/element-and-nginx/meta/main.json deleted file mode 100644 index 3b5f228..0000000 --- a/roles/element-and-nginx/meta/main.json +++ /dev/null 
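Review bot: The default for `var_element_and_nginx_tls_mode` changes from `disable` to `enable` in a commit titled as formatting, and the same patch deletes `meta/main.json`, the only visible place where the `tlscert_*` roles were pulled in. With defaults alone the template now renders the 443 block, which references `/etc/ssl/fullchains/{{var_element_and_nginx_domain}}.pem` and the matching private key, and nothing visible in this role provisions them any more. Presumably a separate tlscert role is expected to run first, but that precondition should be stated in the role's documentation. `enable` also keeps serving the site on port 80 without a redirect, so if certificates are guaranteed to exist, `"var_element_and_nginx_tls_mode": "force"` would be the safer default.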
@@ -1,32 +0,0 @@ -{ - "dependencies": [ - { - "role": "element", - "var_element_version": "{{var_element_and_nginx_element_version}}", - "var_element_path": "{{var_element_and_nginx_path}}", - "var_element_matrix_baseurl": "{{var_element_and_nginx_element_matrix_baseurl}}", - "var_element_server_name": "{{var_element_and_nginx_element_server_name}}" - }, - { - "when": "var_element_and_nginx_tls_cert_kind == 'existing'", - "role": "tlscert_existing", - "var_tlscert_existing_domain": "{{var_element_and_nginx_domain}}", - "var_tlscert_existing_key_path": "{{var_element_and_nginx_tls_cert_data_existing_key_path}}", - "var_tlscert_existing_cert_path": "{{var_element_and_nginx_tls_cert_data_existing_cert_path}}", - "var_tlscert_existing_fullchain_path": "{{var_element_and_nginx_tls_cert_data_existing_fullchain_path}}" - }, - { - "when": "var_element_and_nginx_tls_cert_kind == 'selfsigned'", - "role": "tlscert_selfsigned", - "var_tlscert_selfsigned": "{{var_element_and_nginx_domain}}" - }, - { - "when": "var_element_and_nginx_tls_cert_kind == 'acme_inwx'", - "role": "tlscert_acme_inwx", - "var_tlscert_acme_inwx_domain": "{{var_element_and_nginx_domain}}", - "var_tlscert_acme_inwx_acme_account_email": "{{var_element_and_nginx_tls_cert_data_acme_inwx_acme_account_email}}", - "var_tlscert_acme_inwx_inwx_account_username": "{{var_element_and_nginx_tls_cert_data_acme_inwx_inwx_account_username}}", - "var_tlscert_acme_inwx_inwx_account_password": "{{var_element_and_nginx_tls_cert_data_acme_inwx_inwx_account_password}}" - } - ] -} diff --git a/roles/element-and-nginx/templates/conf.j2 b/roles/element-and-nginx/templates/conf.j2 index 875c002..2108550 100644 --- a/roles/element-and-nginx/templates/conf.j2 +++ b/roles/element-and-nginx/templates/conf.j2 
@@ -1,28 +1,29 @@ {% macro element_common() %} - root {{var_element_and_nginx_path}}; +root {{var_element_and_nginx_path}}; {% endmacro %} + server { server_name {{var_element_and_nginx_domain}}; listen 80; listen [::]:80; - -{% if (var_element_and_nginx_tls_mode == "force") %} + +{% if (var_element_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ element_common() }} {% endif %} } -{% if (var_element_and_nginx_tls_mode != "disable") %} +{% if (var_element_and_nginx_tls_mode != 'disable') %} server { server_name {{var_element_and_nginx_domain}}; listen 443 ssl; listen [::]:443 ssl; - ssl_certificate /etc/ssl/fullchains/{{var_element_and_nginx_domain}}.pem; ssl_certificate_key /etc/ssl/private/{{var_element_and_nginx_domain}}.pem; + ssl_certificate /etc/ssl/fullchains/{{var_element_and_nginx_domain}}.pem; include /etc/nginx/ssl-hardening.conf; {{ element_common() }} diff --git a/roles/element-and-nginx/vardef.json b/roles/element-and-nginx/vardef.json index a51eccf..eff28cf 100644 --- a/roles/element-and-nginx/vardef.json +++ b/roles/element-and-nginx/vardef.json 
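Review bot: In the `force` branch the redirect target is built from the client-supplied Host header, `return 301 https://$http_host$request_uri;`, which also carries any explicit port, so a request addressed to `host:80` is redirected to `https://host:80`. Using the configured name keeps the Location header under the role's control: `return 301 https://{{var_element_and_nginx_domain}}$request_uri;` (each role with its own domain variable). The same line is unchanged context in the authelia, dokuwiki, gitlab, hedgedoc, synapse and vikunja hunks of this patch. The 443 server block at the end of this hunk continues outside it.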
@@ -1,64 +1,19 @@ { "domain": { - "type": "string", - "mandatory": false + "mandatory": false, + "type": "string" }, "path": { - "type": "string", - "mandatory": false - }, - "element_version": { - "type": "string", - "mandatory": false - }, - "element_matrix_baseurl": { - "type": "string", - "mandatory": false - }, - "element_server_name": { - "type": "string", - "mandatory": false + "mandatory": false, + "type": "string" }, "tls_mode": { + "mandatory": false, "type": "string", "options": [ "disable", "enable", "force" - ], - "mandatory": false - }, - "tls_cert_kind": { - "type": "string", - "options": [ - "none", - "selfsigned", - "acme_inwx" - ], - "mandatory": false - }, - "tls_cert_data_existing_key_path": { - "type": "string", - "mandatory": false - }, - "tls_cert_data_existing_cert_path": { - "type": "string", - "mandatory": false - }, - "tls_cert_data_existing_fullchain_path": { - "type": "string", - "mandatory": false - }, - "tls_cert_data_acme_inwx_acme_account_email": { - "type": "string", - "mandatory": false - }, - "tls_cert_data_acme_inwx_inwx_account_username": { - "type": "string", - "mandatory": false - }, - "tls_cert_data_acme_inwx_inwx_account_password": { - "type": "string", - "mandatory": false + ] } } diff --git a/roles/gitlab-and-nginx/templates/conf.j2 b/roles/gitlab-and-nginx/templates/conf.j2 index 31fa777..fa4e246 100644 --- a/roles/gitlab-and-nginx/templates/conf.j2 +++ b/roles/gitlab-and-nginx/templates/conf.j2 @@ -73,7 +73,7 @@ server { listen 80; listen [::]:80 ipv6only=on; -{% if var_gitlab_and_nginx_tls_mode == 'force' %} +{% if (var_gitlab_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} access_log /var/log/nginx/gitlab_access.log; @@ -83,7 +83,7 @@ server { {% endif %} } -{% if var_gitlab_and_nginx_tls_mode != 'disable' %} +{% if (var_gitlab_and_nginx_tls_mode != 'disable') %} server { server_name {{var_gitlab_and_nginx_domain}}; server_tokens off; 
diff --git a/roles/hedgedoc-and-nginx/templates/conf.j2 b/roles/hedgedoc-and-nginx/templates/conf.j2 index 6dd578e..d70f0fc 100644 --- a/roles/hedgedoc-and-nginx/templates/conf.j2 +++ b/roles/hedgedoc-and-nginx/templates/conf.j2 @@ -29,14 +29,14 @@ server { listen 80; listen [::]:80; -{% if (var_element_and_nginx_tls_mode == "force") %} +{% if (var_element_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ hedgedoc_common() }} {% endif %} } -{% if (var_element_and_nginx_tls_mode != "disable") %} +{% if (var_element_and_nginx_tls_mode != 'disable') %} server { server_name {{var_hedgedoc_and_nginx_domain}}; diff --git a/roles/synapse-and-nginx/templates/conf.j2 b/roles/synapse-and-nginx/templates/conf.j2 index 47f6269..c2c40d5 100644 --- a/roles/synapse-and-nginx/templates/conf.j2 +++ b/roles/synapse-and-nginx/templates/conf.j2 @@ -17,14 +17,14 @@ server { listen 80; listen [::]:80; -{% if (var_synapse_and_nginx_tls_mode == "force") %} +{% if (var_synapse_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ synapse_common() }} {% endif %} } -{% if (var_element_and_nginx_tls_mode != "disable") %} +{% if (var_element_and_nginx_tls_mode != 'disable') %} server { server_name {{var_synapse_and_nginx_domain}}; diff --git a/roles/vikunja-and-nginx/templates/conf.j2 b/roles/vikunja-and-nginx/templates/conf.j2 index 854d39d..211f4ea 100644 --- a/roles/vikunja-and-nginx/templates/conf.j2 +++ b/roles/vikunja-and-nginx/templates/conf.j2 @@ -11,14 +11,14 @@ server { listen 80; listen [::]:80; -{% if (var_vikunja_and_nginx_tls_mode == "force") %} +{% if (var_vikunja_and_nginx_tls_mode == 'force') %} return 301 https://$http_host$request_uri; {% else %} {{ vikunja_common() }} {% endif %} } -{% if (var_vikunja_and_nginx_tls_mode != "disable") %} +{% if (var_vikunja_and_nginx_tls_mode != 'disable') %} server { server_name {{var_vikunja_and_nginx_domain}};