Solved mapping bugs

group_vars/all/03_domains.yml

@@ -38,7 +38,7 @@ defaults_domains:
   wordpress:              ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
 
 ## Domain Redirects
-redirect_domain_mappings:
+defaults_redirect_domain_mappings:
 - { source: "akaunting.{{primary_domain}}",   target: "{{domains.akaunting}}" }
 - { source: "bbb.{{primary_domain}}",         target: "{{domains.bigbluebutton}}" }
 - { source: "discourse.{{primary_domain}}",   target: "{{domains.discourse}}" }

playbook.constructor.yml

@@ -8,6 +8,9 @@
   - name: Merge domain definitions
     set_fact:
       domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"
+  - name: Merge redirect domain definitions
+    set_fact:
+      redirect_domain_mappings: "{{ defaults_redirect_domain_mappings | combine(redirect_domain_mappings | default({}, true), recursive=True) }}"
   - name: Merge application definitions
     set_fact:
       applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"

roles/nginx-domain-redirect/tasks/main.yml

@@ -5,12 +5,16 @@
     domain: "{{item.source}}"
   loop: "{{domain_mappings}}"
 
+- name: The domains for which a www. redirect will be implemented
+  debug:
+    var: domain_mappings
+  when: mode_debug | bool
+
 - name: configure nginx redirect configurations
   vars:
-    domain: "{{item.source}}"
-    target_domain: "{{item.target}}"
+    item: "{{item}}"
   template: 
     src:  redirect.domain.nginx.conf.j2
-    dest: "{{nginx.directories.http.servers}}{{ domain }}.conf"
-  loop: "{{domain_mappings}}"
+    dest: "{{nginx.directories.http.servers}}{{item.source}}.conf"
+  loop:   "{{domain_mappings}}"
   notify: restart nginx

roles/nginx-domain-redirect/templates/redirect.domain.nginx.conf.j2

@@ -1,5 +1,8 @@
 server {
+  {% set domain = item.source %}
+  {% set target = item.target %}
   server_name {{domain}};
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
-  return 301 https://{{target_domain}}$request_uri;
+
+  return 301 https://{{target}}$request_uri;
 }

roles/nginx-www-redirect/tasks/main.yml

@@ -42,7 +42,7 @@
     domain: "{{primary_domain}}"
   template: 
     src:  www.wildcard.conf.j2
-    dest: "{{nginx_www_wildcart_configuration}}"
+    dest: "{{nginx_www_wildcard_configuration}}"
   notify: restart nginx
   when: enable_wildcard_certificate | bool
 
@@ -65,21 +65,30 @@
 
 
 # Cleanup
-- name: Cleanup dedicated nginx configurations for www redirect configuration
-  file:
-    path: "{{ nginx.directories.http.servers }}{{ item.source }}.conf"
-    state: absent
-  loop: "{{ filtered_domains_with_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
-  notify: restart nginx
-  when: 
-    - enable_wildcard_certificate | bool
-    - mode_cleanup
+# Deactivated due to complexity
+#- name: Cleanup dedicated nginx configurations for www redirect configuration
+#  file:
+#    path: "{{ nginx.directories.http.servers }}{{ item.source }}.conf"
+#    state: absent
+#  # Filter: Only first-level subdomains of primary_domain
+#  # Exclude the primary domain itself
+#  # Transform for www redirection
+#  loop: "{{ filtered_domains_with_primary_domain 
+#            | select('regex_search', '^[^.]+\\.' ~ primary_domain ~ '$') 
+#            | reject('equalto', primary_domain)  
+#            | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }')  
+#            | map('from_yaml') 
+#            | list }}"
+#  notify: restart nginx
+#  when: 
+#    - enable_wildcard_certificate | bool  # Wildcard certificate must be enabled
+#    - mode_cleanup | bool                 # Cleanup mode must be enabled
 
-- name: Cleanup {{nginx_www_wildcart_configuration}}
+- name: Cleanup {{nginx_www_wildcard_configuration}}
   file:
-    path: "{{nginx_www_wildcart_configuration}}"
+    path: "{{nginx_www_wildcard_configuration}}"
     state: absent
   notify: restart nginx
   when: 
     - not enable_wildcard_certificate | bool
-    - mode_cleanup
+    - mode_cleanup | bool

roles/nginx-www-redirect/vars/main.yml

@@ -1 +1 @@
-nginx_www_wildcart_configuration: "{{nginx.directories.http.global}}www.wildcard.conf"
+nginx_www_wildcard_configuration: "{{nginx.directories.http.global}}www.wildcard.conf"

tasks/recieve-certbot-certificate.yml

@@ -1,28 +1,39 @@
-- name: "recieve certbot certificate for {{ domain }}"
+- name: "recieve dedicated certificate for {{ domain }}"
   command: >-
     certbot certonly --agree-tos --email {{ administrator_email }}
     --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
     {{ '--test-cert' if mode_test | bool else '' }}
-  when: not enable_wildcard_certificate | bool or primary_domain not in domain
+  when: 
+    - not enable_wildcard_certificate | bool  
+      # Wildcard certificate should not be used
+    - not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
+      # OR: The domain is not a first-level subdomain of the primary domain
 
-- name: "recieve certbot certificate for *{{ primary_domain }}"
+- name: "recieve wildcard certificate for *{{ primary_domain }}"
   command: >-
-    certbot certonly --agree-tos --email {{ administrator_email }}
+    certbot certonly --agree-tos --email {{ administrator_email }}                                          
     --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
     {{ '--test-cert' if mode_test | bool else '' }}
   when: 
-    - enable_wildcard_certificate | bool
-    - primary_domain in domain
-    - run_once_recieve_certificate is not defined
+    - enable_wildcard_certificate | bool  
+      # Wildcard certificate is enabled
+    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
+      # AND: The domain is a direct first-level subdomain of the primary domain
+    - run_once_recieve_certificate is not defined  
+      # Ensure this task runs only once for the wildcard certificate
 
 - name: "Cleanup dedicated cert for {{ domain }}"
   command: >-
     certbot delete --cert-name {{ domain }} --non-interactive
   when: 
-    - mode_cleanup | bool
-    - enable_wildcard_certificate | bool
-    - primary_domain in domain
-    - domain != primary_domain
+    - mode_cleanup | bool  
+      # Cleanup mode is enabled
+    - enable_wildcard_certificate | bool  
+      # Wildcard certificate is enabled
+    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
+      # AND: The domain is a direct first-level subdomain of the primary domain
+    - domain != primary_domain  
+      # The domain is not the primary domain
   ignore_errors: true
 
 - name: run the recieve_certificate tasks once