From 936fdbad66c98ea1aedf0003303ce393469c7455 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Tue, 21 Jan 2025 14:09:06 +0100
Subject: [PATCH] In between commit LDAP integration

---
 group_vars/all | 152 ++++++++++--------
 playbook.servers.yml | 2 +-
 .../templates/docker-compose.yml.j2 | 4 +-
 .../templates/docker-compose.yml.j2 | 72 +++++----
 roles/docker-ldap/vars/main.yml | 5 +
 roles/docker-mailu/tasks/main.yml | 2 +-
 .../templates/element.config.json.j2 | 2 +-
 roles/docker-mybb/README.md | 4 +-
 roles/docker-mybb/vars/main.yml | 2 +-
 .../templates/matomo-tracking.conf.j2 | 2 +-
 roles/nginx-matomo-tracking/vars/main.yml | 2 +-
 roles/nginx-static-repository/README.md | 2 +-
 roles/nginx-static-repository/tasks/main.yml | 10 +-
 roles/nginx/tasks/main.yml | 2 +-
 14 files changed, 144 insertions(+), 119 deletions(-)
 create mode 100644 roles/docker-ldap/vars/main.yml

diff --git a/group_vars/all b/group_vars/all
index c5d082cc..2d4299e5 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,18 +1,23 @@ # General pause_duration: "120" # Database delay to wait for the central database before continue tasks -top_domain: "localhost" # Change this in inventory to your domain ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server backups_folder_path: "/Backups/" # Path to the backups folder +## Domain +primary_domain_tld: "localhost" # Top Level Domain of the server +primary_domain_sld: "cymais" # Second Level Domain of the server +primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server + # Administrator -administrator_username: "administrator" # Username of the administrator -administrator_email: "{{administrator_username}}@{{top_domain}}" # Email of the administrator +administrator_username: "administrator" # Username of the administrator +administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator +#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file # Email Configuration system_email_local: no-reply -system_email_domain: "{{top_domain}}" +system_email_domain: "{{primary_domain}}" system_email_username: "{{system_email_local}}@{{system_email_domain}}" -system_email_host: "mail.{{top_domain}}" +system_email_host: "mail.{{primary_domain}}" system_email_smtp_port: 465 system_email_tls: true system_email_start_tls: false @@ -20,7 +25,7 @@ system_email_from: "{{system_email_username}}" system_email_smtp: true # Test Email -test_email: "test@{{top_domain}}" +test_email: "test@{{primary_domain}}" # Mode @@ -36,7 +41,7 @@ mode_setup: false # Execute the setup and initializing procedures # Server Tact Variables ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance -hours_server_awake: "0..23" +hours_server_awake: "0..23" ## Random delay for systemd timers to avoid peak loads. randomized_delay_sec: "5min" 
@@ -73,16 +78,16 @@ size_percent_disc_space_warning: 90 # Warning threshold in percent
 # Path Variables for Key Directories and Scripts
-path_administrator_home: "/home/administrator/"
-path_administrator_scripts: "{{path_administrator_home}}scripts/"
-path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
-path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
-path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"
+path_administrator_home: "/home/administrator/"
+path_administrator_scripts: "{{path_administrator_home}}scripts/"
+path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
+path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
+path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"
 # Runtime Variables for Process Control
-activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
-nginx_matomo_tracking: false # Activates matomo tracking on all html pages
+activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
+nginx_matomo_tracking: false # Activates matomo tracking on all html pages
 # System maintenance Services
@@ -132,60 +137,63 @@ nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/" nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored +## Nginx static repository +nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file + ## Domains ### Service Domains -domain_akaunting: "accounting.{{top_domain}}" -domain_attendize: "tickets.{{top_domain}}" -domain_baserow: "baserow.{{top_domain}}" -domain_bigbluebutton: "meet.{{top_domain}}" -domain_bluesky_api: "bluesky.{{top_domain}}" -domain_bluesky_web: "bskyweb.{{top_domain}}" -domain_discourse: "forum.{{top_domain}}" -domain_elk: "elk.{{top_domain}}" -domain_friendica: "friendica.{{top_domain}}" -domain_funkwhale: "music.{{top_domain}}" -domain_gitea: "git.{{top_domain}}" -domain_gitlab: "gitlab.{{top_domain}}" -domain_portfolio: "{{top_domain}}" -domain_keycloak: "auth.{{top_domain}}" -domain_listmonk: "newsletter.{{top_domain}}" +domain_akaunting: "accounting.{{primary_domain}}" +domain_attendize: "tickets.{{primary_domain}}" +domain_baserow: "baserow.{{primary_domain}}" +domain_bigbluebutton: "meet.{{primary_domain}}" +domain_bluesky_api: "bluesky.{{primary_domain}}" +domain_bluesky_web: "bskyweb.{{primary_domain}}" +domain_discourse: "forum.{{primary_domain}}" +domain_elk: "elk.{{primary_domain}}" +domain_friendica: "friendica.{{primary_domain}}" +domain_funkwhale: "music.{{primary_domain}}" +domain_gitea: "git.{{primary_domain}}" +domain_gitlab: "gitlab.{{primary_domain}}" +domain_portfolio: "{{primary_domain}}" +domain_keycloak: "auth.{{primary_domain}}" +domain_listmonk: "newsletter.{{primary_domain}}" domain_mailu: "{{system_email_host}}" -domain_mastodon: "microblog.{{top_domain}}" -domains_mastodon_alternates: ["mastodon.{{top_domain}}"] -domain_matomo: 
"matomo.{{top_domain}}" -domain_matrix_synapse: "matrix.{{top_domain}}" -domain_matrix_element: "element.{{top_domain}}" -domain_moodle: "academy.{{top_domain}}" -domain_mediawiki: "wiki.{{top_domain}}" -domain_nextcloud: "cloud.{{top_domain}}" -domain_openproject: "project.{{top_domain}}" -domain_pixelfed: "picture.{{top_domain}}" -domain_peertube: "video.{{top_domain}}" +domain_mastodon: "microblog.{{primary_domain}}" +domains_mastodon_alternates: ["mastodon.{{primary_domain}}"] +domain_matomo: "matomo.{{primary_domain}}" +domain_matrix_synapse: "matrix.{{primary_domain}}" +domain_matrix_element: "element.{{primary_domain}}" +domain_moodle: "academy.{{primary_domain}}" +domain_mediawiki: "wiki.{{primary_domain}}" +domain_nextcloud: "cloud.{{primary_domain}}" +domain_openproject: "project.{{primary_domain}}" +domain_pixelfed: "picture.{{primary_domain}}" +domain_peertube: "video.{{primary_domain}}" domains_peertube: [] -domain_roulette: "roulette.{{top_domain}}" -domain_taiga: "kanban.{{top_domain}}" -domain_yourls: "s.{{top_domain}}" -domains_wordpress: ["wordpress.{{top_domain}}","blog.{{top_domain}}"] +domain_roulette: "roulette.{{primary_domain}}" +domain_taiga: "kanban.{{primary_domain}}" +domain_yourls: "s.{{primary_domain}}" +domains_wordpress: ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"] ### Domain Redirects redirect_domain_mappings: -- { source: "akaunting.{{top_domain}}", target: "{{domain_akaunting}}" } -- { source: "bbb.{{top_domain}}", target: "{{domain_bigbluebutton}}" } -- { source: "discourse.{{top_domain}}", target: "{{domain_discourse}}" } -- { source: "funkwhale.{{top_domain}}", target: "{{domain_funkwhale}}" } -- { source: "gitea.{{top_domain}}", target: "{{domain_gitea}}" } -- { source: "keycloak.{{top_domain}}", target: "{{domain_keycloak}}" } -- { source: "listmonk.{{top_domain}}", target: "{{domain_listmonk}}" } -- { source: "moodle.{{top_domain}}", target: "{{domain_moodle}}" } -- { source: "nextcloud.{{top_domain}}", target: 
"{{domain_nextcloud}}" } -- { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" } -- { source: "peertube.{{top_domain}}", target: "{{domain_peertube}}" } -- { source: "pictures.{{top_domain}}", target: "{{domain_pixelfed}}" } -- { source: "pixelfed.{{top_domain}}", target: "{{domain_pixelfed}}" } -- { source: "short.{{top_domain}}", target: "{{domain_yourls}}" } -- { source: "taiga.{{top_domain}}", target: "{{domain_taiga}}" } -- { source: "videos.{{top_domain}}", target: "{{domain_peertube}}" } +- { source: "akaunting.{{primary_domain}}", target: "{{domain_akaunting}}" } +- { source: "bbb.{{primary_domain}}", target: "{{domain_bigbluebutton}}" } +- { source: "discourse.{{primary_domain}}", target: "{{domain_discourse}}" } +- { source: "funkwhale.{{primary_domain}}", target: "{{domain_funkwhale}}" } +- { source: "gitea.{{primary_domain}}", target: "{{domain_gitea}}" } +- { source: "keycloak.{{primary_domain}}", target: "{{domain_keycloak}}" } +- { source: "listmonk.{{primary_domain}}", target: "{{domain_listmonk}}" } +- { source: "moodle.{{primary_domain}}", target: "{{domain_moodle}}" } +- { source: "nextcloud.{{primary_domain}}", target: "{{domain_nextcloud}}" } +- { source: "openproject.{{primary_domain}}", target: "{{domain_openproject}}" } +- { source: "peertube.{{primary_domain}}", target: "{{domain_peertube}}" } +- { source: "pictures.{{primary_domain}}", target: "{{domain_pixelfed}}" } +- { source: "pixelfed.{{primary_domain}}", target: "{{domain_pixelfed}}" } +- { source: "short.{{primary_domain}}", target: "{{domain_yourls}}" } +- { source: "taiga.{{primary_domain}}", target: "{{domain_taiga}}" } +- { source: "videos.{{primary_domain}}", target: "{{domain_peertube}}" } ## Docker Applications 
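Review bot: `nginx_static_repository_address: NULL` near the top of the hunk is an unquoted YAML null, and the `nginx-static-repository` task in this same patch hands it to the `git` module unconditionally with `ignore_errors: true`, so a host that never overrides it gets a failed clone of a `None` repository that the play hides rather than a skip. Either let the role skip when the value is unset (`when: nginx_static_repository_address is not none` on the git task) or document the variable as required and drop the `ignore_errors`. Since whatever that repository contains is served publicly by nginx, the comment should also ask operators to pin the checkout to a tag or commit through the git module's `version:` instead of tracking the default branch head.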
@@ -202,7 +210,7 @@ docker_restart_policy: "unless-stopped"
 #### Akaunting
 akaunting_version: "latest"
-akaunting_company_name: "{{top_domain}}"
+akaunting_company_name: "{{primary_domain}}"
 akaunting_company_email: "{{administrator_email}}"
 akaunting_setup_admin_email: "{{administrator_email}}"
@@ -232,13 +240,19 @@ gitlab_version: "latest"
 joomla_version: "latest"
 #### Keycloak
-keycloak_version: "latest"
-keycloak_administrator_username: "{{administrator_username}}"
+keycloak_version: "latest"
+keycloak_administrator_username: "{{administrator_username}}"
+
+#### LDAP
+ldap_version: "latest"
+ldap_administrator_username: "{{administrator_username}}"
+ldap_administrator_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons
+# ldap_database_password: # Needs to be defined in inventory
 #### Listmonk
-listmonk_admin_username: "admin"
+listmonk_admin_username: "{{administrator_username}}"
 listmonk_public_api_activated: False # Security hole. Can be used for spaming
-listmonk_version: "latest"
+listmonk_version: "latest"
 #### MariaDB
 mariadb_version: "latest"
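Review bot: `ldap_administrator_password: "{{user_administrator_initial_password}}"` in the new LDAP block reuses the initial administrator login password as the directory's root bind credential, which the `#CHANGE for security reasons` comment acknowledges but nothing enforces; the same secret is then rendered into the ldap role's docker-compose file on disk. Treat it like `ldap_database_password` one line below and leave it undefined in group_vars (`# ldap_administrator_password: # Needs to be defined in inventory`), so a deployment that forgot to set it fails at template time instead of silently sharing the password across Keycloak, Listmonk, Moodle and the directory. If a default must stay, it should at least be distinct from the administrator login and the comment should say the value ends up in the rendered compose file.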
@@ -254,17 +268,17 @@ mastodon_single_user_mode: false matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose -matrix_server_name: "{{top_domain}}" # Adress for the account names etc. +matrix_server_name: "{{primary_domain}}" # Adress for the account names etc. matrix_synapse_version: "latest" matrix_element_version: "latest" #### Mailu mailu_version: "2024.06" -mailu_domain: "{{top_domain}}" +mailu_domain: "{{primary_domain}}" mailu_subnet: "192.168.203.0/24" #### Moodle -moodle_site_name: "Global Learning Academy on {{top_domain}}" +moodle_site_name: "Global Learning Academy on {{primary_domain}}" moodle_administrator_name: "{{administrator_username}}" moodle_administrator_email: "{{administrator_email}}" moodle_version: "latest" @@ -279,7 +293,7 @@ nextcloud_version: "production" # @see https://nextcloud.com/blog/nextclou peertube_version: "bookworm" #### Pixelfed -pixelfed_app_name: "Pictures on {{top_domain}}" +pixelfed_app_name: "Pictures on {{primary_domain}}" pixelfed_version: "latest" #### Postgres diff --git a/playbook.servers.yml b/playbook.servers.yml index a8b78fee..b41b1fa1 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -313,7 +313,7 @@ roles: - role: nginx-static-repository vars: - domain: "{{top_domain}}" + domain: "{{primary_domain}}" - name: setup redirect hosts hosts: redirect diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2 index 366aeabd..0ec4b9f1 100644 --- a/roles/docker-bluesky/templates/docker-compose.yml.j2 +++ b/roles/docker-bluesky/templates/docker-compose.yml.j2 
@@ -11,7 +11,7 @@ services: PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}" PDS_SERVICE_DID: "did:web:{{domain_api}}" # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/ - PDS_SERVICE_HANDLE_DOMAINS: ".{{top_domain}}" + PDS_SERVICE_HANDLE_DOMAINS: ".{{primary_domain}}" PDS_JWT_SECRET: "{{bluesky_pds_jwt_secret}}" PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}" PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}" @@ -47,7 +47,7 @@ services: args: REACT_APP_PDS_URL: "http://{{domain_api}}" # URL des PDS REACT_APP_API_URL: "http://{{domain_api}}" # API-URL des PDS - REACT_APP_SITE_NAME: "{{top_domain | upper}} - Bluesky" + REACT_APP_SITE_NAME: "{{primary_domain | upper}} - Bluesky" REACT_APP_SITE_DESCRIPTION: "Decentral Social " restart: {{docker_restart_policy}} ports: diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2 index 0f4bb8ef..70fa0765 100644 --- a/roles/docker-ldap/templates/docker-compose.yml.j2 +++ b/roles/docker-ldap/templates/docker-compose.yml.j2 
@@ -1,36 +1,42 @@ -version: '2' - -networks: - my-network: - driver: bridge services: - openldap: - image: bitnami/openldap:2 - ports: - - '389:1389' - - '636:1636' - environment: - - LDAP_ADMIN_USERNAME=admin - - LDAP_ADMIN_PASSWORD=adminpassword - - LDAP_USERS=user01,user02 # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 - - LDAP_PASSWORDS=password1,password2 #Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2 - - - LDAP_ROOT=dc=example,dc=org - - LDAP_ADMIN_DN=cn=admin,dc=example,dc=org + {% include 'templates/docker/services/' + database_type + '.yml.j2' %} - - MARIADB_ROOT_PASSWORD=root-password - - MARIADB_GALERA_MARIABACKUP_PASSWORD=backup-password - - MARIADB_USER=customuser - - MARIADB_DATABASE=customdatabase - - MARIADB_ENABLE_LDAP=yes - networks: - - my-network + openldap: + image: bitnami/openldap:{{ldap_version}} + logging: + driver: journald + restart: {{docker_restart_policy}} + ports: + - '127.0.0.1:389:1389' # Expose just on local host for security reasons + - '636:636' # Expose to internet + environment: + # GENERAL + LDAP_ADMIN_USERNAME: {{ldap_administrator_username}} # LDAP database admin user. + LDAP_ADMIN_PASSWORD: {{ldap_administrator_password}} # LDAP database admin password. + #LDAP_USERS: user01,user02 # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 + #LDAP_PASSWORDS: password1,password2 # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami + LDAP_ROOT: {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org + LDAP_ADMIN_DN: {{ldap_admin_dn}} + + # TLS + LDAP_ENABLE_TLS: yes # Whether to enable TLS for traffic or not. Defaults to no + LDAP_REQUIRE_TLS: yes # Whether connections must use TLS. Will only be applied with LDAP_ENABLE_TLS active. Defaults to no + LDAP_LDAPS_PORT_NUMBER: 636 # Port used for TLS secure traffic. 
Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port). + LDAP_TLS_CERT_FILE: File containing the certificate file for the TLS traffic. No defaults. + LDAP_TLS_KEY_FILE: File containing the key for certificate. No defaults. + LDAP_TLS_CA_FILE: File containing the CA of the certificate. No defaults. + LDAP_TLS_DH_PARAMS_FILE: File containing the DH parameters. No defaults. + + # Database Configuration + MARIADB_ROOT_PASSWORD=root-password + MARIADB_USER=customuser + MARIADB_DATABASE=customdatabase + MARIADB_ENABLE_LDAP=yes volumes: - - 'openldap_data:/bitnami/openldap' - myapp: - image: 'YOUR_APPLICATION_IMAGE' - networks: - - my-network -volumes: - openldap_data: - driver: local + - 'data:/bitnami/openldap' +{% include 'templates/docker/container/depends-on-just-database.yml.j2' %} +{% include 'templates/docker/container/networks.yml.j2' %} +{% include 'templates/docker/compose/volumes.yml.j2' %} + data: + +{% include 'templates/docker/compose/networks.yml.j2' %} diff --git a/roles/docker-ldap/vars/main.yml b/roles/docker-ldap/vars/main.yml new file mode 100644 index 00000000..0ef66621 --- /dev/null +++ b/roles/docker-ldap/vars/main.yml @@ -0,0 +1,5 @@ +docker_compose_project_name: "ldap" +database_type: "postgres" +database_password: "{{ldap_database_password}}" +ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}" +ldap_admin_dm: "cn={{ldap_administrator_username}},{{ldap_root}}" \ No newline at end of file diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index 9438b859..6944c23d 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml 
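Review bot: The `#LDAP_USERS` / `#LDAP_PASSWORDS` entries are commented out, but the inline comments themselves quote the image defaults (`user01,user02` / `bitnami1,bitnami2`), so unless the image is told to skip its default tree this directory comes up with two well-known sample accounts reachable through the `'636:636'` mapping that the hunk publishes on every interface. Either set `LDAP_USERS`/`LDAP_PASSWORDS` explicitly or use the image's skip option (`LDAP_SKIP_DEFAULT_TREE: "yes"` in current bitnami/openldap; verify it for the tag `ldap_version` resolves to). The TLS block is also not deployable as written: the four `LDAP_TLS_*_FILE` entries carry the documentation prose ("File containing the certificate file ...") as their values and no volume mounts a certificate into the container, although `LDAP_ENABLE_TLS` and `LDAP_REQUIRE_TLS` are on. The `MARIADB_*` lines are leftovers from the bitnami example — `KEY=value` form inside the `environment:` mapping is a YAML error, they hard-code `root-password`, and the role's vars choose `database_type: "postgres"` — so they should be removed. Finally quote the templated and boolean values (`LDAP_ADMIN_PASSWORD: "{{ldap_administrator_password}}"`, `LDAP_ENABLE_TLS: "yes"`) so a password containing `#` or `: ` cannot break the rendered file and the yes/no flags are not retyped by the YAML parser.
```yaml
    environment:
      # … unchanged: GENERAL block, with the {{ }} values quoted …
      LDAP_SKIP_DEFAULT_TREE: "yes"   # do not create the image's user01/user02 sample accounts
      # TLS: paths are inside the container; the host directory is mounted read-only below
      LDAP_ENABLE_TLS: "yes"
      LDAP_REQUIRE_TLS: "yes"
      LDAP_LDAPS_PORT_NUMBER: "636"
      LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/fullchain.pem
      LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/privkey.pem
      LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/chain.pem
      LDAP_TLS_DH_PARAMS_FILE: /opt/bitnami/openldap/certs/dhparam.pem
      # … removed: the MARIADB_* leftovers …
    volumes:
      - 'data:/bitnami/openldap'
      - '{{ ldap_tls_directory }}:/opt/bitnami/openldap/certs:ro'   # new role variable: host directory holding the four files above
```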
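Review bot: `ldap_admin_dm` in the new vars file is a typo for `ldap_admin_dn`, the name the role's compose template reads (`LDAP_ADMIN_DN: {{ldap_admin_dn}}`), so rendering hits an undefined variable and the deploy aborts; rename it to `ldap_admin_dn: "cn={{ldap_administrator_username}},{{ldap_root}}"`. `ldap_root` derives the base DN from `primary_domain_sld`/`primary_domain_tld`, which with the shipped defaults yields `dc=cymais,dc=localhost`; that is fine for a test box, but since the suffix is baked into every DN once the directory is populated, a comment such as `# base DN is fixed once the directory has data; set primary_domain_* before the first run` would save an operator a rebuild. The file also ends without a trailing newline.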
@@ -68,7 +68,7 @@ - name: execute database migration command: - cmd: "docker compose -p mailu exec admin flask mailu admin admin {{top_domain}} {{mailu_initial_root_password}}" + cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}" chdir: "{{docker_compose_instance_directory}}" ignore_errors: true when: mode_setup |bool \ No newline at end of file diff --git a/roles/docker-matrix-compose/templates/element.config.json.j2 b/roles/docker-matrix-compose/templates/element.config.json.j2 index 618287df..3f73763d 100644 --- a/roles/docker-matrix-compose/templates/element.config.json.j2 +++ b/roles/docker-matrix-compose/templates/element.config.json.j2 @@ -5,7 +5,7 @@ "server_name": "{{domain_matrix_synapse}}" }, "m.identity_server": { - "base_url": "https://{{top_domain}}" + "base_url": "https://{{primary_domain}}" } }, "brand": "Element", diff --git a/roles/docker-mybb/README.md b/roles/docker-mybb/README.md index e4ec6fc7..95fe672d 100644 --- a/roles/docker-mybb/README.md +++ b/roles/docker-mybb/README.md @@ -8,8 +8,8 @@ ### Multi Domain Installation If you want to access your mybb over multiple domains, keep the following in mind: - Set Cookie Domain to nothing -- Access mybb for installation via mybb. -- Set the Board Url to mybb. +- Access mybb for installation via mybb. +- Set the Board Url to mybb. ### Manual Installation of MyBB Plugins diff --git a/roles/docker-mybb/vars/main.yml b/roles/docker-mybb/vars/main.yml index 6e7c4875..a6e6db9b 100644 --- a/roles/docker-mybb/vars/main.yml +++ b/roles/docker-mybb/vars/main.yml 
@@ -3,6 +3,6 @@ docker_compose_project_name: "mybb" docker_compose_instance_confd_directory: "{{docker_compose_instance_directory}}conf.d/" docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf" target_mount_conf_d_directory: "{{nginx_servers_directory}}" -source_domain: "mybb.{{top_domain}}" +source_domain: "mybb.{{primary_domain}}" database_password: "{{mybb_database_password}}" database_type: "mariadb" \ No newline at end of file diff --git a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 index 4ea8f5dc..1d90f26e 100644 --- a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 +++ b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 @@ -3,5 +3,5 @@ more_set_headers "Content-Security-Policy: "; # sub filters to integrate matomo tracking code in nginx websites sub_filter '' ''; -sub_filter '' ''; +sub_filter '' ''; sub_filter_once off; \ No newline at end of file diff --git a/roles/nginx-matomo-tracking/vars/main.yml b/roles/nginx-matomo-tracking/vars/main.yml index e217202a..311412d0 100644 --- a/roles/nginx-matomo-tracking/vars/main.yml +++ b/roles/nginx-matomo-tracking/vars/main.yml @@ -1,2 +1,2 @@ -matomo_domain: "matomo.{{top_domain}}" +matomo_domain: "matomo.{{primary_domain}}" base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}" diff --git a/roles/nginx-static-repository/README.md b/roles/nginx-static-repository/README.md index 09cfe84e..3da38c0d 100644 --- a/roles/nginx-static-repository/README.md +++ b/roles/nginx-static-repository/README.md 
@@ -14,7 +14,7 @@ This Ansible role configures an Nginx server to serve a static homepage. It hand - `nginx_homepage_root`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`) - `domain`: The domain name for the Nginx server configuration - `administrator_email`: The email used for SSL certificate registration with Let's Encrypt -- `nginx_homepage_repository_address`: The Git repository address containing the homepage content +- `nginx_static_repository_address`: The Git repository address containing the homepage content ## Dependencies diff --git a/roles/nginx-static-repository/tasks/main.yml b/roles/nginx-static-repository/tasks/main.yml index 4d92eeae..60022fe0 100644 --- a/roles/nginx-static-repository/tasks/main.yml +++ b/roles/nginx-static-repository/tasks/main.yml @@ -1,16 +1,16 @@ --- -- name: "pull homepage from {{nginx_homepage_repository_address}}" +- name: "pull homepage from {{nginx_static_repository_address}}" git: - repo: "{{nginx_homepage_repository_address}}" + repo: "{{nginx_static_repository_address}}" dest: "{{nginx_homepage_root}}" update: yes ignore_errors: true -- name: configure {{top_domain}}.conf +- name: configure {{primary_domain}}.conf template: src: "static.nginx.conf.j2" - dest: "{{nginx_servers_directory}}{{top_domain}}.conf" + dest: "{{nginx_servers_directory}}{{primary_domain}}.conf" vars: - domain: "{{top_domain}}" + domain: "{{primary_domain}}" notify: restart nginx when: run_once_nginx is not defined \ No newline at end of file diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 128ca336..8246a4e9 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -33,7 +33,7 @@ include_tasks: certbot-matomo.yml when: run_once_nginx is not defined vars: - domain: "{{top_domain}}" + domain: "{{primary_domain}}" when: run_once_nginx is not defined - name: flush nginx service