From a0c2245bbdc68e85d8d06b548cef65e276df8b73 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 12 Sep 2025 01:52:13 +0200 Subject: [PATCH] Refactor web-opt-rdr-www: - Split Cloudflare edge redirect into _01 and _02 task files - Wrap Cloudflare routines in a conditional block on DNS_PROVIDER - Preserve origin vs edge flavor handling Conversation: https://chatgpt.com/share/68c3609b-5624-800f-b5fa-69def6032dca --- .../tasks/_01_cloudflare_edge_redirect.yml | 7 +++ ...e.yml => _02_cloudflare_redirect_rule.yml} | 0 roles/web-opt-rdr-www/tasks/main.yml | 56 +++++++++---------- 3 files changed, 32 insertions(+), 31 deletions(-) create mode 100644 roles/web-opt-rdr-www/tasks/_01_cloudflare_edge_redirect.yml rename roles/web-opt-rdr-www/tasks/{cloudflare_redirect_rule.yml => _02_cloudflare_redirect_rule.yml} (100%) diff --git a/roles/web-opt-rdr-www/tasks/_01_cloudflare_edge_redirect.yml b/roles/web-opt-rdr-www/tasks/_01_cloudflare_edge_redirect.yml new file mode 100644 index 00000000..4e9f52fa --- /dev/null +++ b/roles/web-opt-rdr-www/tasks/_01_cloudflare_edge_redirect.yml @@ -0,0 +1,7 @@ +- name: Include Cloudflare redirect rule to enforce www → apex + include_tasks: _02_cloudflare_redirect_rule.yml + vars: + domain: "{{ item | regex_replace('^www\\.', '') }}" + www_fqdn: "{{ item }}" + apex_url: "{{ WEB_PROTOCOL }}://{{ item | regex_replace('^www\\.', '') }}" + loop: "{{ REDIRECT_WWW_DOMAINS }}" \ No newline at end of file diff --git a/roles/web-opt-rdr-www/tasks/cloudflare_redirect_rule.yml b/roles/web-opt-rdr-www/tasks/_02_cloudflare_redirect_rule.yml similarity index 100% rename from roles/web-opt-rdr-www/tasks/cloudflare_redirect_rule.yml rename to roles/web-opt-rdr-www/tasks/_02_cloudflare_redirect_rule.yml diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index e3ad502f..84d97e19 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml @@ -13,35 +13,29 @@ redirect_domain_mappings: "{{ REDIRECT_WWW_DOMAINS | map('regex_replace', '^www\\.(.+)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}" when: REDIRECT_WWW_FLAVOR == 'origin' -- name: Include DNS role to set redirects - include_role: - name: sys-dns-cloudflare-records - vars: - cloudflare_records: | - {%- set bare = REDIRECT_WWW_DOMAINS | map('regex_replace', '^www\\.(.+)$', '\\1') | list -%} - [ - {%- for d in bare -%} - { - "type": "A", - "zone": "{{ d | to_zone }}", - "name": "{{ d }}", - "content": "{{ networks.internet.ip4 }}", - "proxied": {{ REDIRECT_WWW_FLAVOR == 'edge' }}, - "ttl": 1 - }{{ "," if not loop.last else "" }} - {%- endfor -%} - ] - when: - - DNS_PROVIDER == 'cloudflare' - - REDIRECT_WWW_FLAVOR == 'origin' +- name: Cloudflare WWW Routines + when: DNS_PROVIDER == 'cloudflare' + block: + - name: Include DNS role to set redirects + include_role: + name: sys-dns-cloudflare-records + vars: + cloudflare_records: | + {%- set bare = REDIRECT_WWW_DOMAINS | map('regex_replace', '^www\\.(.+)$', '\\1') | list -%} + [ + {%- for d in bare -%} + { + "type": "A", + "zone": "{{ d | to_zone }}", + "name": "{{ d }}", + "content": "{{ networks.internet.ip4 }}", + "proxied": {{ REDIRECT_WWW_FLAVOR == 'edge' }}, + "ttl": 1 + }{{ "," if not loop.last else "" }} + {%- endfor -%} + ] + when: REDIRECT_WWW_FLAVOR == 'origin' -- name: Include Cloudflare redirect rule to enforce www → apex - include_tasks: cloudflare_redirect_rule.yml - vars: - domain: "{{ item | regex_replace('^www\\.', '') }}" - www_fqdn: "{{ item }}" - apex_url: "{{ WEB_PROTOCOL }}://{{ item | regex_replace('^www\\.', '') }}" - loop: "{{ REDIRECT_WWW_DOMAINS }}" - when: REDIRECT_WWW_FLAVOR == 'edge' - - + - name: Include Cloudflare edge redirect + include_tasks: _01_cloudflare_edge_redirect.yml + when: REDIRECT_WWW_FLAVOR == 'edge'