Nginx variable refactoring and general bug solving. Got interupted commit not tested

group_vars/all/05_nginx.yml

@@ -1,12 +1,16 @@
 # Webserver Configuration
 
 ## Nginx-Specific Path Configurations
-nginx_configuration_directory:  "/etc/nginx/conf.d/"                            # General configuration dir
-nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
-nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
-nginx_streams_directory:        "{{nginx_configuration_directory}}streams/"     # Contains streams configuration e.g. for ldaps
-nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
-nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
+nginx:
+  directories:
+    configuration:  "/etc/nginx/conf.d/"              # Configuration directory
+    http:
+      global:       "/etc/nginx/conf.d/http/global"   # Contains global configurations which will be loaded into the http block
+      servers:      "/etc/nginx/conf.d/http/servers"  # Contains one configuration per domain
+      maps:         "/etc/nginx/conf.d/http/maps/"    # Contains mappings
+    streams:        "/etc/nginx/conf.d/streams/"      # Contains streams configuration e.g. for ldaps
+    well_known:     "/usr/share/nginx/well-known/"    # Path where well-known files are stored
+    homepage:       "/usr/share/nginx/homepage/"      # Path where the static homepage files are stored. @todo Move this variable to the role
 
 ## Nginx static repository
-nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
+nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file. @todo move this variable to the role

roles/docker-attendize/tasks/main.yml

@@ -13,7 +13,7 @@
 - name: configure {{domain}}.conf
   template: 
     src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
   notify: restart nginx
 
 - name: "include tasks update-repository-with-docker-compose.yml"

roles/docker-bigbluebutton/tasks/main.yml

@@ -12,7 +12,7 @@
 #- name: configure {{domain}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+#    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
 #  notify: restart nginx
 
 - name: "include tasks nginx-docker-proxy-domain.yml"
@@ -21,7 +21,7 @@
 - name: configure websocket_upgrade.conf
   copy: 
     src:  "websocket_upgrade.conf"
-    dest: "{{nginx_maps_directory}}websocket_upgrade.conf"
+    dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
   notify: restart nginx
 
 - name: pull docker repository

roles/docker-compose/tasks/main.yml

@@ -2,9 +2,10 @@
   set_fact:
     docker_compose_instance_directory: "{{ path_docker_compose_instances }}{{ application_id }}/"
 
-- name: "Set global domain to {{ domains[application_id] }}"
+- name: "Set global domain based on application_id"
   set_fact:
-    domain: "{{ domains[application_id] }}"
+    domain: "{{ domains[application_id] if application_id in domains else None }}"
+  # Default case: One Domain exists. Some applications like matrix don't have an default key
 
 - name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}"
   set_fact:

roles/docker-ldap/tasks/main.yml

@@ -9,13 +9,13 @@
 - name: Create {{domain}}.conf if LDAP is exposed to internet
   template: 
     src:  "nginx.stream.conf.j2" 
-    dest: "{{nginx_streams_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.streams}}{{domain}}.conf"
   notify: restart nginx
   when: ldap_expose_to_internet | bool
 
 - name: Remove {{domain}}.conf if LDAP is not exposed to internet
   file:
-    path: "{{ nginx_streams_directory }}{{ domain }}.conf"
+    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
     state: absent
   when: not ldap_expose_to_internet | bool
 

roles/docker-mastodon/tasks/create-domains.yml

@@ -4,5 +4,5 @@
 - name: configure {{domain}}.conf
   template: 
     src:  "mastodon.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
   notify: restart nginx

roles/docker-matrix-compose/tasks/main.yml

@@ -6,7 +6,7 @@
   include_tasks: certbot-matomo.yml
   vars:
     domain:     "{{domains.matrix_synapse}}"
-    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_synapse}}"
 
 - name: create {{well_known_directory}}
   file:
@@ -22,17 +22,17 @@
 - name: create {{domains.matrix_synapse}}.conf
   template: 
     src:  "templates/nginx.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domains.matrix_synapse}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
   vars:
     domain:     "{{domains.matrix_synapse}}"
-    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_synapse}}"
   notify: restart nginx
         
 - name: "include tasks nginx-docker-proxy-domain.yml for element"
   include_tasks: nginx-docker-proxy-domain.yml
   vars:        
     domain:     "{{domains.matrix_element}}"
-    http_port:  "{{ports.localhost.http_port[matrix_element]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_element}}"
 
 - name: include create-and-seed-database.yml for multiple bridges
   include_tasks: create-and-seed-database.yml

roles/docker-matrix-compose/templates/docker-compose.yml.j2

@@ -19,7 +19,7 @@ services:
       - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}}
       - SYNAPSE_REPORT_STATS=no
     ports:
-      - "127.0.0.1:{{ports.localhost.http_port[matrix_synapse]}}:8008"
+      - "127.0.0.1:{{ports.localhost.http_ports.matrix_synapse}}:8008"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8008/"]
       interval: 1m
@@ -39,7 +39,7 @@ services:
     volumes:
       - ./element-config.json:/app/config.json
     ports:
-      - "127.0.0.1:{{ports.localhost.http_port[matrix_element]}}:80"
+      - "127.0.0.1:{{ports.localhost.http_ports.matrix_element}}:80"
     healthcheck:
       test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
       interval: 1m

roles/docker-matrix-compose/vars/main.yml

@@ -3,7 +3,7 @@ application_id:  	        "matrix"
 database_password:  	    "{{matrix_database_password}}"
 database_type:            "postgres"
 registration_file_folder: "/data/"
-well_known_directory:     "{{nginx_well_known_root}}/matrix/"
+well_known_directory:     "{{nginx.directories.well_known}}/matrix/"
 
 bridges:
   - database_password: "{{ mautrix_whatsapp_bridge_database_password }}"

roles/docker-mybb/vars/main.yml

@@ -2,7 +2,7 @@
 application_id:  	                              "mybb"
 docker_compose_instance_confd_directory:        "{{docker_compose_instance_directory}}conf.d/"
 docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
-target_mount_conf_d_directory:                  "{{nginx_servers_directory}}"
+target_mount_conf_d_directory:                  "{{nginx.directories.http.servers}}"
 source_domain:                                  "mybb.{{primary_domain}}"
 database_password:                              "{{mybb_database_password}}"
 database_type:                                  "mariadb"

roles/docker-nextcloud/tasks/main.yml

@@ -8,7 +8,7 @@
 - name: configure {{domain}}.conf
   template: 
     src:  "templates/nextcloud.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
   notify: restart nginx
 
 - name: create nginx.conf

roles/docker-peertube/tasks/create-domains.yml

@@ -4,5 +4,5 @@
 - name: configure {{domain}}.conf
   template: 
     src:  "templates/peertube.conf.j2"
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
   notify: restart nginx

roles/health-nginx/templates/health-nginx.py.j2

@@ -4,7 +4,7 @@ import sys
 import re
 
 # file in which fqdn server configs are deposit
-config_path = '{{nginx_servers_directory}}'
+config_path = '{{nginx.directories.http.servers}}'
 
 # Initialize the error counter
 error_counter = 0

roles/letsencrypt/tasks/main.yml

@@ -1,5 +1,7 @@
 - name: create nginx letsencrypt config file
-  template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
+  template: 
+    src:  "letsencrypt.conf.j2"
+    dest: "{{nginx.directories.http.global}}letsencrypt.conf"
   notify: restart nginx
   when: run_once_letsencrypt is not defined
 

roles/nginx-domain-redirect/tasks/main.yml

@@ -11,6 +11,6 @@
     target_domain: "{{item.target}}"
   template: 
     src:  redirect.domain.nginx.conf.j2
-    dest: "{{nginx_servers_directory}}{{ domain }}.conf"
+    dest: "{{nginx.directories.http.servers}}{{ domain }}.conf"
   loop: "{{domain_mappings}}"
   notify: restart nginx

roles/nginx-static-repository/README.md

@@ -11,7 +11,7 @@ This Ansible role configures an Nginx server to serve a static homepage. It hand
 
 ## Role Variables
 
-- `nginx_homepage_root`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`)
+- `nginx.directories.homepage`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`)
 - `domain`: The domain name for the Nginx server configuration
 - `administrator_email`: The email used for SSL certificate registration with Let's Encrypt
 - `nginx_static_repository_address`: The Git repository address containing the homepage content

roles/nginx-static-repository/tasks/main.yml

@@ -2,14 +2,14 @@
 - name: "pull homepage from {{nginx_static_repository_address}}"
   git:
     repo: "{{nginx_static_repository_address}}"
-    dest: "{{nginx_homepage_root}}"
+    dest: "{{nginx.directories.homepage}}"
     update: yes
   ignore_errors: true
 
 - name: configure {{primary_domain}}.conf
   template: 
     src:  "static.nginx.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{primary_domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{primary_domain}}.conf"
   vars:
     domain: "{{primary_domain}}"
   notify: restart nginx

roles/nginx-static-repository/templates/static.nginx.conf.j2

@@ -13,12 +13,12 @@ server
   
   location /
   {
-    root {{nginx_homepage_root}};
+    root {{nginx.directories.homepage}};
     index index.html index.htm;
   }
 
   location /.well-known/ {
-    alias {{nginx_well_known_root}};
+    alias {{nginx.directories.well_known}};
     allow all;
     default_type "text/plain";
     autoindex on;

roles/nginx-www-redirect/README.md

@@ -1,13 +1,13 @@
 # README.md for nginx-www-redirect Role
 
 ## Overview
-The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx_servers_directory}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
+The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
 
 ## Role Description
 This role performs several key tasks:
-1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx_servers_directory}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
+1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
    
-2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx_servers_directory}}` path.
+2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path.
 
 3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`.
 
@@ -25,7 +25,7 @@ Example playbook:
 
 ## Requirements
 - Ansible environment set up and configured to run roles.
-- Access to the `{{nginx_servers_directory}}` directory on the target hosts.
+- Access to the `{{nginx.directories.http.servers}}` directory on the target hosts.
 - The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings.
 
 ## Notes

roles/nginx-www-redirect/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Find all .conf
   ansible.builtin.find:
-    paths: "{{nginx_servers_directory}}"
+    paths: "{{nginx.directories.http.servers}}"
     patterns: '*.*.conf'
   register: conf_files
 
@@ -9,8 +9,8 @@
   set_fact:
     filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
   vars:
-    domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$"
-    path_regex: "^{{ nginx_servers_directory }}"
+    domain_regex: "^{{nginx.directories.http.servers}}(?!www\\.)[^/]+\\.conf$"
+    path_regex: "^{{nginx.directories.http.servers}}"
 
 - name: The domains for which a www. redirect will be implemented
   debug:

roles/nginx/tasks/main.yml

@@ -11,15 +11,19 @@
   notify: restart nginx
   when: run_once_nginx is not defined and nginx_matomo_tracking | bool
 
+- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
+  file:
+    path: "{{ nginx.directories.configuration }}"
+    state: absent
+  when: mode_reset and run_once_nginx is not defined
+
 - name: Ensure nginx configuration directories are present
   file:
     path: "{{ item }}"
     state: directory
     mode: '0755'
-  loop:
-    - "{{nginx_servers_directory}}"
-    - "{{nginx_maps_directory}}"
-    - "{{nginx_streams_directory}}"
+    recurse: yes
+  loop: "{{ nginx.directories.http + nginx.directories.streams }}"
   when: run_once_nginx is not defined
 
 - name: create nginx config file

roles/nginx/templates/nginx.conf.j2

@@ -34,11 +34,11 @@ http
   gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml;
 
   types_hash_max_size 4096;  
-  include {{nginx_maps_directory}}*.conf;
-  include {{nginx_servers_directory}}*.conf;
+  include {{nginx.directories.http.maps}}*.conf;
+  include {{nginx.directories.http.servers}}*.conf;
 }
 
 # For port proxies
 stream{
-  include {{nginx_streams_directory}}*.conf;
+  include {{nginx.directories.streams}}*.conf;
 }

tasks/create-domain-conf.yml

@@ -1,5 +1,5 @@
 - name: configure {{domain}}.conf
   template: 
     src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
   notify: restart nginx