chore: move out the server roles

Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 21:06:00 +02:00 · 2024-07-12 21:06:00 +02:00 · c7293cd6ea
commit c7293cd6ea
parent 0283426127
18 changed files with 8 additions and 8 deletions
--- a/roles/server/certbot/tasks/install.yml
+++ b/roles/server/certbot/tasks/install.yml
--- a/roles/server/certbot/tasks/main.yml
+++ b/roles/server/certbot/tasks/main.yml
--- a/roles/server/certbot/templates/cloudflare.ini
+++ b/roles/server/certbot/templates/cloudflare.ini
--- a/roles/server/cups/tasks/install.yml
+++ b/roles/server/cups/tasks/install.yml
--- a/roles/server/cups/tasks/main.yml
+++ b/roles/server/cups/tasks/main.yml
--- a/roles/server/ddns/files/ddns.service
+++ b/roles/server/ddns/files/ddns.service
--- a/roles/server/ddns/files/ddns.timer
+++ b/roles/server/ddns/files/ddns.timer
--- a/roles/server/ddns/tasks/main.yml
+++ b/roles/server/ddns/tasks/main.yml
--- a/roles/server/ddns/templates/inadyn.conf
+++ b/roles/server/ddns/templates/inadyn.conf
--- a/roles/server/nginx/defaults/main.yml
+++ b/roles/server/nginx/defaults/main.yml
@ -1,6 +1,6 @@
 ---
 # Name of the certificate generated by Certbot
-server_nginx_certname: None
+nginx_certname: None

 # List of reverse proxies to be set up; objects of ‹domain›, ‹upstream› and
 # ‹protocol› for proxying, e.g.:
@ -8,4 +8,4 @@ server_nginx_certname: None
 #     - domain: "cockpit"
 #       upstream: "127.0.0.1:9090"
 #       protocol: "https"
-server_nginx_reverse_proxy: []
+nginx_reverse_proxy: []
--- a/roles/server/nginx/files/nginx.conf
+++ b/roles/server/nginx/files/nginx.conf
--- a/roles/server/nginx/files/proxy.conf
+++ b/roles/server/nginx/files/proxy.conf
--- a/roles/server/nginx/tasks/install.yml
+++ b/roles/server/nginx/tasks/install.yml
--- a/roles/server/nginx/tasks/main.yml
+++ b/roles/server/nginx/tasks/main.yml
@ -61,7 +61,7 @@
    proxy_domain: "{{ item.domain }}"
    proxy_upstream: "{{ item.upstream }}"
    proxy_protocol: "{{ item.protocol }}"
-  loop: "{{ server_nginx_reverse_proxy }}"
+  loop: "{{ nginx_reverse_proxy }}"

 # ‹httpd_can_network_relay› was not enough for the ubiquiti reverse proxy
 - name: Allow reverse proxy in SELinux
@ -69,7 +69,7 @@
    name: httpd_can_network_connect
    state: true
    persistent: true
-  when: "ansible_facts.selinux.status == 'enabled' and server_nginx_reverse_proxy"
+  when: "ansible_facts.selinux.status == 'enabled' and nginx_reverse_proxy"

 - name: Enable nginx on firewall
  ansible.posix.firewalld:
--- a/roles/server/nginx/templates/http.conf
+++ b/roles/server/nginx/templates/http.conf
@ -33,8 +33,8 @@ http {
        server_name  {{ host_fqdn }};
        root         /usr/share/nginx/html;

-        ssl_certificate      /etc/letsencrypt/live/{{ server_nginx_certname }}/fullchain.pem;
-        ssl_certificate_key  /etc/letsencrypt/live/{{ server_nginx_certname }}/privkey.pem;
+        ssl_certificate      /etc/letsencrypt/live/{{ nginx_certname }}/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/{{ nginx_certname }}/privkey.pem;

        # Allow TLS version 1.2 only, which is a recommended default these days
        # by international information security standards.
--- a/roles/server/nginx/templates/me.conf
+++ b/roles/server/nginx/templates/me.conf
--- a/roles/server/nginx/templates/reverse_proxy.conf
+++ b/roles/server/nginx/templates/reverse_proxy.conf
--- a/roles/server/nginx/templates/ssl.conf
+++ b/roles/server/nginx/templates/ssl.conf
@ -1,7 +1,7 @@
 listen       443 ssl http2;

-ssl_certificate      /etc/letsencrypt/live/{{ server_nginx_certname }}/fullchain.pem;
-ssl_certificate_key  /etc/letsencrypt/live/{{ server_nginx_certname }}/privkey.pem;
+ssl_certificate      /etc/letsencrypt/live/{{ nginx_certname }}/fullchain.pem;
+ssl_certificate_key  /etc/letsencrypt/live/{{ nginx_certname }}/privkey.pem;

 # Allow TLS version 1.2 only, which is a recommended default these days
 # by international information security standards.