diff --git a/README.md b/README.md
index 505f2974..9c0359f6 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ Contact me for more details: ## Showcases The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup: -[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-static-repository), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-global-matomo), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-global-www), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud Client](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), 
[Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud Server](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End 
Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Lock](./roles/system-maintenance-lock),[Open Project](./roles/docker-openproject)... +[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-redirect-domain), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-static-repository), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-modifier-matomo), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-redirect-www), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud 
Client](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud Server](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools 
for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Lock](./roles/system-maintenance-lock),[Open Project](./roles/docker-openproject)... ## License diff --git a/SERVER_APPLICATIONS.md b/SERVER_APPLICATIONS.md index a08ce046..954b1e11 100644 --- a/SERVER_APPLICATIONS.md +++ b/SERVER_APPLICATIONS.md 
@@ -21,9 +21,9 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c - **[Nginx-Docker-Reverse-Proxy](./roles/nginx-docker-reverse-proxy/)**: Sets up a reverse proxy for Docker containers. - **[nginx-static-repository](./roles/nginx-static-repository/)**: Configures a homepage for Nginx. - **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx. -- **[nginx-global-matomo](./roles/nginx-global-matomo/)**: Integrates Matomo tracking with Nginx. -- **[Nginx-Domain-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx. -- **[nginx-global-www](./roles/nginx-global-www/)**: Redirects all domains with the prefix www. from www.domain.tld to domain.tld +- **[nginx-modifier-matomo](./roles/nginx-modifier-matomo/)**: Integrates Matomo tracking with Nginx. +- **[nginx-redirect-domain](./roles/nginx-redirect-domain/)**: Manages URL redirects in Nginx. +- **[nginx-redirect-www](./roles/nginx-redirect-www/)**: Redirects all domains with the prefix www. from www.domain.tld to domain.tld - **[Nginx-Certbot](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates. - **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent. diff --git a/group_vars/all/03_domains.yml b/group_vars/all/03_domains.yml index a47ba7c8..fe4bd0b1 100644 --- a/group_vars/all/03_domains.yml +++ b/group_vars/all/03_domains.yml @@ -19,6 +19,7 @@ defaults_domains: listmonk: "newsletter.{{primary_domain}}" mailu: "{{system_email.host}}" mastodon: "microblog.{{primary_domain}}" + # ATTENTION: Will be owerwritten by the values in domains. Not merged. mastodon_alternates: ["mastodon.{{primary_domain}}"] matomo: "matomo.{{primary_domain}}" matrix_synapse: "matrix.{{primary_domain}}" 
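Review bot: The comment added above `mastodon_alternates` misspells "overwritten" as "owerwritten", and the same text is repeated in the next two hunks above `peertube_alternates` and `wordpress`. Since this comment is the only warning that list values are replaced rather than merged, it should read cleanly and be searchable, for example `# ATTENTION: Overwritten by the values in 'domains'; lists are replaced, not merged.`. The `defaults_domains` mapping starts and ends outside the hunk.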
@@ -28,6 +29,7 @@ defaults_domains: nextcloud: "cloud.{{primary_domain}}" openproject: "project.{{primary_domain}}" peertube: "video.{{primary_domain}}" + # ATTENTION: Will be owerwritten by the values in domains. Not merged. peertube_alternates: [] phpmyadmin: "phpmyadmin.{{primary_domain}}" pixelfed: "picture.{{primary_domain}}" @@ -36,7 +38,10 @@ defaults_domains: snipe_it: "inventory.{{primary_domain}}" taiga: "kanban.{{primary_domain}}" yourls: "s.{{primary_domain}}" - wordpress: ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"] + # ATTENTION: Will be owerwritten by the values in domains. Not merged. + wordpress: + - "wordpress.{{primary_domain}}" + - "blog.{{primary_domain}}" ## Domain Redirects defaults_redirect_domain_mappings: diff --git a/group_vars/all/05_nginx.yml b/group_vars/all/05_nginx.yml index 8878a4ae..533f6f78 100644 --- a/group_vars/all/05_nginx.yml +++ b/group_vars/all/05_nginx.yml 
@@ -3,18 +3,19 @@ ## Nginx-Specific Path Configurations nginx: directories: - configuration: "/etc/nginx/conf.d/" # Configuration directory + configuration: "/etc/nginx/conf.d/" # Configuration directory http: - global: "/etc/nginx/conf.d/http/global/" # Contains global configurations which will be loaded into the http block - servers: "/etc/nginx/conf.d/http/servers/" # Contains one configuration per domain - maps: "/etc/nginx/conf.d/http/maps/" # Contains mappings - streams: "/etc/nginx/conf.d/streams/" # Contains streams configuration e.g. for ldaps - well_known: "/usr/share/nginx/well-known/" # Path where well-known files are stored - homepage: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored. @todo Move this variable to the role - global: "/var/www/global/" # Directory containing files which will be globaly accessable - user: "http" # Default nginx user in ArchLinux + global: "/etc/nginx/conf.d/http/global/" # Contains global configurations which will be loaded into the http block + servers: "/etc/nginx/conf.d/http/servers/" # Contains one configuration per domain + maps: "/etc/nginx/conf.d/http/maps/" # Contains mappings + streams: "/etc/nginx/conf.d/streams/" # Contains streams configuration e.g. for ldaps + well_known: "/usr/share/nginx/well-known/" # Path where well-known files are stored + homepage: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored. @todo Move this variable to the role + global: "/var/www/global/" # Directory containing files which will be globaly accessable + user: "http" # Default nginx user in ArchLinux ## Nginx static repository -nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file. 
@todo move this variable to the role - -global_matomo_tracking_enabled: false # Activates matomo tracking on all html pages \ No newline at end of file +nginx_static_repository_address: NULL # This should contain the url to an git repository which has a static homepage included and an index.html file. @todo move this variable to the role + # @todo Move this to the dedicated role configuration +## Matomo Tracking +global_matomo_tracking_enabled: false # Activates matomo tracking on all html pages. Change this in inventory. \ No newline at end of file diff --git a/playbook.servers.yml b/playbook.servers.yml index b5a00108..ad5e174d 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -245,7 +245,7 @@ hosts: redirect become: true roles: - - role: nginx-domain-redirect + - role: nginx-redirect-domain vars: domain_mappings: "{{redirect_domain_mappings}}" @@ -253,13 +253,13 @@ hosts: www_redirect become: true roles: - - role: nginx-global-www + - role: nginx-redirect-www # Helper Roles for partial deployment - name: Copy global css - hosts: nginx-global-css + hosts: nginx-modifier-css become: true roles: - - role: nginx-global-css + - role: nginx-modifier-css - import_playbook: playbook.destructor.yml \ No newline at end of file diff --git a/roles/docker-akaunting/tasks/main.yml b/roles/docker-akaunting/tasks/main.yml index 6d9aa5aa..0fc7fe6b 100644 --- a/roles/docker-akaunting/tasks/main.yml +++ b/roles/docker-akaunting/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "include tasks update-repository-with-files.yml" include_tasks: update-repository-with-files.yml diff --git a/roles/docker-baserow/tasks/main.yml b/roles/docker-baserow/tasks/main.yml index 8be5742d..9ecd9303 100644 
--- a/roles/docker-baserow/tasks/main.yml +++ b/roles/docker-baserow/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml \ No newline at end of file diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index faf89779..17c529ae 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml @@ -15,8 +15,9 @@ # dest: "{{nginx.directories.http.servers}}{{domain}}.conf" # notify: restart nginx -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: configure websocket_upgrade.conf copy: diff --git a/roles/docker-bluesky/tasks/main.yml b/roles/docker-bluesky/tasks/main.yml index 69342ec2..c4f3899a 100644 --- a/roles/docker-bluesky/tasks/main.yml +++ b/roles/docker-bluesky/tasks/main.yml 
@@ -3,17 +3,15 @@ include_role: name: docker-compose -- name: "Include tasks for API domain" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup vars: - domain: "{{ domains.bluesky_api }}" - http_port: "{{ ports.localhost.http.bluesky_api }}" - -- name: "Include tasks for Web domain" - include_tasks: nginx-docker-proxy-domain.yml - vars: - domain: "{{ domains.bluesky_web }}" - http_port: "{{ ports.localhost.http.bluesky_web }}" + domain: "{{ item.domain }}" + http_port: "{{ item.http_port }}" + loop: + - { domain: domains.bluesky_api, http_port: ports.localhost.http.bluesky_api } + - { domain: domains.bluesky_web, http_port: ports.localhost.http.bluesky_web } # The following lines should be removed when the following issue is closed: # https://github.com/bluesky-social/pds/issues/52 diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index 5b331869..ace3a86a 100644 --- a/roles/docker-compose/tasks/main.yml +++ b/roles/docker-compose/tasks/main.yml @@ -3,7 +3,10 @@ - name: "Set global domain based on application_id" set_fact: - domain: "{{ domains[application_id] if application_id in domains else None }}" + domain: "{{ domains[application_id] }}" + when: + - application_id in domains + - domains[application_id] is string # Default case: One domain exists. Some applications like matrix don't have an default domain - name: "Set global http_port to {{ ports.localhost.http[application_id] }}" diff --git a/roles/docker-discourse/tasks/main.yml b/roles/docker-discourse/tasks/main.yml index 502412f7..6941353f 100644 --- a/roles/docker-discourse/tasks/main.yml +++ b/roles/docker-discourse/tasks/main.yml 
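Review bot: The two `loop` entries in the new `include_role` task are plain YAML strings, so `item.domain` resolves to the literal text `domains.bluesky_api` and `item.http_port` to `ports.localhost.http.bluesky_api` instead of the configured values. The removed tasks passed these through `{{ }}`; the loop items need the same, for example `- { domain: "{{ domains.bluesky_api }}", http_port: "{{ ports.localhost.http.bluesky_api }}" }` and the matching line for `bluesky_web`. As written, nginx-domain-setup would presumably build the proxy configuration for a host name and upstream port that do not exist, leaving the API and web endpoints without their intended vhosts.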
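Review bot: With the new `when:` list, the `domain` fact is left untouched whenever `application_id` is missing from `domains` or maps to a list, so a value set by an earlier role on the same host stays in effect, because `set_fact` results persist for the host. Most roles in this commit now call `include_role: nginx-domain-setup` without passing `domain`, so if several applications are deployed to one host in a single run, one of them could end up configuring the proxy for the previous application's host name. The removed line reset the fact in that case; either keep a reset, e.g. `domain: "{{ domains[application_id] if (application_id in domains and domains[application_id] is string) else None }}"`, or have nginx-domain-setup assert that `domain` was set for the current `application_id`. The task list continues outside the hunk.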
@@ -10,8 +10,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "cleanup central database from {{application_id}}_default network" command: diff --git a/roles/docker-elk/tasks/main.yml b/roles/docker-elk/tasks/main.yml index 12ead0a1..b928208a 100644 --- a/roles/docker-elk/tasks/main.yml +++ b/roles/docker-elk/tasks/main.yml @@ -1,7 +1,8 @@ --- -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: create elasticsearch-sysctl.conf copy: diff --git a/roles/docker-friendica/tasks/main.yml b/roles/docker-friendica/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-friendica/tasks/main.yml +++ b/roles/docker-friendica/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-funkwhale/tasks/main.yml b/roles/docker-funkwhale/tasks/main.yml index d28d6342..baa2e206 100644 --- a/roles/docker-funkwhale/tasks/main.yml +++ b/roles/docker-funkwhale/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml 
diff --git a/roles/docker-gitea/tasks/main.yml b/roles/docker-gitea/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-gitea/tasks/main.yml +++ b/roles/docker-gitea/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-gitlab/tasks/main.yml b/roles/docker-gitlab/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-gitlab/tasks/main.yml +++ b/roles/docker-gitlab/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-jenkins/tasks/main.yml b/roles/docker-jenkins/tasks/main.yml index a32809c8..e3343d31 100644 --- a/roles/docker-jenkins/tasks/main.yml +++ b/roles/docker-jenkins/tasks/main.yml @@ -1,5 +1,6 @@ -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "docker jenkins" docker_compose: diff --git a/roles/docker-joomla/tasks/main.yml b/roles/docker-joomla/tasks/main.yml index 5fbe2c0f..5ffd5bfc 100644 --- a/roles/docker-joomla/tasks/main.yml +++ b/roles/docker-joomla/tasks/main.yml 
@@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup loop: "{{ domains }}" loop_control: loop_var: domain diff --git a/roles/docker-keycloak/tasks/main.yml b/roles/docker-keycloak/tasks/main.yml index e43ab138..45a73209 100644 --- a/roles/docker-keycloak/tasks/main.yml +++ b/roles/docker-keycloak/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-keycloak/templates/import/realm.json.j2 b/roles/docker-keycloak/templates/import/realm.json.j2 index 4409d84b..262d88e1 100644 --- a/roles/docker-keycloak/templates/import/realm.json.j2 +++ b/roles/docker-keycloak/templates/import/realm.json.j2 @@ -825,9 +825,9 @@ "clientId": "{{realm}}", "name": "", "description": "", - "rootUrl": "https://{{realm}}/", + "rootUrl": "https://{{realm}}/", "adminUrl": "https://{{realm}}/", - "baseUrl": "https://{{realm}}/", + "baseUrl": "https://{{realm}}/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -865,7 +865,7 @@ "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "{{ ansible_date_time.epoch | int }}", + "client.secret.creation.time": "0", "backchannel.logout.session.required": "true", "post.logout.redirect.uris": "https://{{primary_domain}}/*##+", "frontchannel.logout.session.required": "true", diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml index eabfc4e1..61b35148 100644 
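Review bot: Hard-coding `"client.secret.creation.time": "0"` in the second realm.json.j2 hunk makes the imported client secret appear to have been created at the Unix epoch. That keeps the rendered file stable between runs, but if a client-secret rotation or expiry policy is ever enabled for this realm, the secret would presumably be treated as long expired; this should be confirmed against the Keycloak version in use. Because JSON has no comment syntax, a Jinja comment beside the attribute, such as `{# fixed value keeps realm.json idempotent; not a real creation time #}`, would record the intent without changing the rendered output. The client object starts and ends outside the hunk.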
--- a/roles/docker-ldap/tasks/main.yml +++ b/roles/docker-ldap/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-compose -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: Create {{domain}}.conf if LDAP is exposed to internet template: diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml index 98e72c6e..33835f23 100644 --- a/roles/docker-listmonk/tasks/main.yml +++ b/roles/docker-listmonk/tasks/main.yml @@ -12,8 +12,9 @@ "" {% endif %} -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index 304f97cc..c957d851 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup vars: nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;" diff --git a/roles/docker-mastodon/templates/mastodon.conf.j2 b/roles/docker-mastodon/templates/mastodon.conf.j2 index 855cd5f6..4bf18304 100644 --- a/roles/docker-mastodon/templates/mastodon.conf.j2 +++ b/roles/docker-mastodon/templates/mastodon.conf.j2 
@@ -8,7 +8,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} keepalive_timeout 70; sendfile on; diff --git a/roles/docker-matomo/tasks/main.yml b/roles/docker-matomo/tasks/main.yml index 7fcc7db0..b4fefb60 100644 --- a/roles/docker-matomo/tasks/main.yml +++ b/roles/docker-matomo/tasks/main.yml @@ -18,8 +18,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml \ No newline at end of file diff --git a/roles/docker-matomo/vars/main.yml b/roles/docker-matomo/vars/main.yml index 1c215b83..1a6b407c 100644 --- a/roles/docker-matomo/vars/main.yml +++ b/roles/docker-matomo/vars/main.yml @@ -1,8 +1,8 @@ --- -application_id: "matomo" -database_type: "mariadb" -database_password: "{{matomo_database_password}}" -domain: "{{domains.matomo}}" +application_id: "matomo" +database_type: "mariadb" +database_password: "{{matomo_database_password}}" +domain: "{{domains.matomo}}" # Don't know if this is still necessary # Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary -# global_matomo_tracking_enabled: false \ No newline at end of file +global_matomo_tracking_enabled: false \ No newline at end of file diff --git a/roles/docker-matrix-ansible/tasks/main.yml b/roles/docker-matrix-ansible/tasks/main.yml index 9390fec4..ec997068 100644 --- a/roles/docker-matrix-ansible/tasks/main.yml +++ b/roles/docker-matrix-ansible/tasks/main.yml 
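Review bot: Activating `global_matomo_tracking_enabled: false` in roles/docker-matomo/vars/main.yml sets the switch at role-vars precedence, which outranks inventory and group_vars, while the comment this commit adds in group_vars/all/05_nginx.yml tells operators to change it in inventory. If docker-matomo is applied through a play's `roles:` list, its vars are by default also visible to roles that run later in that play, so tracking could be switched off for other applications too; how the role is invoked is not visible here and should be checked. Passing the value as `vars:` on the `include_role: nginx-domain-setup` task in the role's tasks/main.yml would confine it to Matomo's own vhost. The comment `# Don't know if this is still necessary` above it no longer matches an active setting and should be replaced with the actual reason.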
@@ -1,6 +1,7 @@ --- -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup loop: - "{{domains.matrix_element}}" - "{{domains.matrix_synapse}}" diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml index 3dfb7b4e..eab8774b 100644 --- a/roles/docker-matrix-compose/tasks/main.yml +++ b/roles/docker-matrix-compose/tasks/main.yml @@ -30,8 +30,9 @@ http_port: "{{ports.localhost.http.matrix_synapse}}" notify: restart nginx -- name: "include tasks nginx-docker-proxy-domain.yml for element" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup vars: domain: "{{domains.matrix_element}}" http_port: "{{ports.localhost.http.matrix_element}}" diff --git a/roles/docker-matrix-compose/templates/nginx.conf.j2 b/roles/docker-matrix-compose/templates/nginx.conf.j2 index 2fad6007..9a58de18 100644 --- a/roles/docker-matrix-compose/templates/nginx.conf.j2 +++ b/roles/docker-matrix-compose/templates/nginx.conf.j2 @@ -10,6 +10,6 @@ server { listen 8448 ssl default_server; listen [::]:8448 ssl default_server; - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} {% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} } \ No newline at end of file diff --git a/roles/docker-mediawiki/tasks/main.yml b/roles/docker-mediawiki/tasks/main.yml index a7b9fc29..541c487d 100644 --- a/roles/docker-mediawiki/tasks/main.yml +++ b/roles/docker-mediawiki/tasks/main.yml 
@@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: add docker-compose.yml template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml diff --git a/roles/docker-moodle/tasks/main.yml b/roles/docker-moodle/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-moodle/tasks/main.yml +++ b/roles/docker-moodle/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-nextcloud/templates/proxy-nginx.conf.j2 b/roles/docker-nextcloud/templates/proxy-nginx.conf.j2 index 1db4c484..419f813e 100644 --- a/roles/docker-nextcloud/templates/proxy-nginx.conf.j2 +++ b/roles/docker-nextcloud/templates/proxy-nginx.conf.j2 @@ -6,7 +6,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; diff --git a/roles/docker-openproject/tasks/main.yml b/roles/docker-openproject/tasks/main.yml index 95237d47..6d9e0169 100644 --- a/roles/docker-openproject/tasks/main.yml +++ b/roles/docker-openproject/tasks/main.yml 
@@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup #- name: "include tasks update-repository-with-files.yml" # include_tasks: update-repository-with-files.yml diff --git a/roles/docker-peertube/templates/peertube.conf.j2 b/roles/docker-peertube/templates/peertube.conf.j2 index 639fe051..a44d7644 100644 --- a/roles/docker-peertube/templates/peertube.conf.j2 +++ b/roles/docker-peertube/templates/peertube.conf.j2 @@ -3,7 +3,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} ## # Application ## diff --git a/roles/docker-phpmyadmin/tasks/main.yml b/roles/docker-phpmyadmin/tasks/main.yml index bbbc3051..a2bd50ba 100644 --- a/roles/docker-phpmyadmin/tasks/main.yml +++ b/roles/docker-phpmyadmin/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-compose -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-pixelfed/tasks/main.yml b/roles/docker-pixelfed/tasks/main.yml index 8be5742d..9ecd9303 100644 --- a/roles/docker-pixelfed/tasks/main.yml +++ b/roles/docker-pixelfed/tasks/main.yml 
@@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml \ No newline at end of file diff --git a/roles/docker-portfolio/tasks/main.yml b/roles/docker-portfolio/tasks/main.yml index 43afe646..c849280a 100644 --- a/roles/docker-portfolio/tasks/main.yml +++ b/roles/docker-portfolio/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-compose -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "include tasks update-repository-with-files.yml" include_tasks: update-repository-with-files.yml diff --git a/roles/docker-snipe_it/README.md b/roles/docker-snipe_it/README.md index f004fcba..47d5b72d 100644 --- a/roles/docker-snipe_it/README.md +++ b/roles/docker-snipe_it/README.md @@ -1,9 +1,6 @@ -# CyMaIS Role +# Docker Snipe-IT -🚀 **CyMaIS** - Centralized Management and Integration System for **[Snipe-IT](https://github.com/snipe/snipe-it)** - -## About 📖 -This role provides an automated deployment and configuration for **Snipe-IT**, an open-source asset management system. It leverages **Docker Compose**, **Ansible**, and **centralized database integration** to streamline deployment and maintenance. +This 🚀 **CyMaIS** role provides an automated deployment and configuration for **[Snipe-IT](https://github.com/snipe/snipe-it)**, an open-source asset management system. It leverages **Docker Compose**, **Ansible**, and **centralized database integration** to streamline deployment and maintenance. 👤 **Author:** Kevin Veen-Birkenbach 🔗 **Website:** [veen.world](https://veen.world) 
@@ -24,11 +21,6 @@ docker-compose exec application php artisan cache:clear docker-compose restart application ``` -## Configuration -- **Database:** The role supports **MariaDB** as the primary database. -- **Environment Variables:** Defined in `templates/env.j2`. -- **Nginx Proxy Support:** Automated through `nginx-docker-proxy-domain.yml`. - ## Pending Issue 🚧 To ensure full **SAML authentication integration**, this issue still needs to be resolved: 🔗 [GitHub Issue #16186](https://github.com/snipe/snipe-it/issues/16186) diff --git a/roles/docker-snipe_it/tasks/main.yml b/roles/docker-snipe_it/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-snipe_it/tasks/main.yml +++ b/roles/docker-snipe_it/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-taiga/tasks/main.yml b/roles/docker-taiga/tasks/main.yml index 23ad500b..51b6ff24 100644 --- a/roles/docker-taiga/tasks/main.yml +++ b/roles/docker-taiga/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: pull docker repository git: diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index 1994bdb4..fe2fca95 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml 
@@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup loop: "{{ domains.wordpress }}" loop_control: loop_var: domain diff --git a/roles/docker-yourls/tasks/main.yml b/roles/docker-yourls/tasks/main.yml index 12db0a7d..76ee6b3f 100644 --- a/roles/docker-yourls/tasks/main.yml +++ b/roles/docker-yourls/tasks/main.yml @@ -3,8 +3,9 @@ include_role: name: docker-central-database -- name: "include tasks nginx-docker-proxy-domain.yml" - include_tasks: nginx-docker-proxy-domain.yml +- name: "include role nginx-domain-setup for {{application_id}}" + include_role: + name: nginx-domain-setup - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 index c38640f4..b2b25988 100644 --- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 @@ -21,7 +21,7 @@ server } {% endif %} - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} {% if nginx_docker_reverse_proxy_extra_configuration is defined %} # Additional Domain Specific Configuration diff --git a/roles/nginx-domain-setup/README.md b/roles/nginx-domain-setup/README.md new file mode 100644 index 00000000..ea8ffe3f --- /dev/null +++ b/roles/nginx-domain-setup/README.md 
@@ -0,0 +1,16 @@ +# Nginx Domain Setup Role 🚀 + +This role streamlines your Nginx configuration by performing several essential tasks: + +- **Modify Nginx configuration** with the `nginx-modifier-all` role. +- **Request and receive HTTPS certificates** using the `nginx-https-recieve-certificate` role. +- **Deploy a domain configuration file** from a Jinja2 template. +- **Optionally secure your domain** with OAuth2 via the `docker-oauth2-proxy` role if enabled. + +## Author + +Developed by [Kevin Veen-Birkenbach](https://www.veen.world) 😎 + +--- + +Happy automating! 🎉 diff --git a/tasks/nginx-docker-proxy-domain.yml b/roles/nginx-domain-setup/tasks/main.yml similarity index 63% rename from tasks/nginx-docker-proxy-domain.yml rename to roles/nginx-domain-setup/tasks/main.yml index c43cd1ff..235874ac 100644 --- a/tasks/nginx-docker-proxy-domain.yml +++ b/roles/nginx-domain-setup/tasks/main.yml @@ -1,4 +1,8 @@ -- name: "include role receive certbot certificate" +- name: "include role nginx-modifier-all for {{domain}}" + include_role: + name: nginx-modifier-all + +- name: "include role nginx-https-recieve-certificate for {{domain}}" include_role: name: nginx-https-recieve-certificate @@ -8,7 +12,7 @@ dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx -- name: include the docker-oauth2-proxy role +- name: "include the docker-oauth2-proxy role {{domain}}" include_role: name: docker-oauth2-proxy when: oauth2_proxy_active | bool \ No newline at end of file diff --git a/roles/nginx-global-matomo/vars/main.yml b/roles/nginx-global-matomo/vars/main.yml deleted file mode 100644 index 8cdd2ad0..00000000 --- a/roles/nginx-global-matomo/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}" diff --git a/roles/nginx-global-www/README.md b/roles/nginx-global-www/README.md deleted file mode 100644 index c5888f99..00000000 --- a/roles/nginx-global-www/README.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# README.md for nginx-global-www Role - -## Overview -The `nginx-global-www` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. - -## Role Description -This role performs several key tasks: -1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. - -2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path. - -3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`. - -4. **Include nginx-domain-redirect Role**: Applies the redirection configuration using the `nginx-domain-redirect` role with the dynamically generated domain mappings. - -## Usage -To use this role, include it in your playbook and ensure that the `nginx-domain-redirect` role is available in your Ansible environment. No additional configuration is required as the role is designed to dynamically identify and process the domain configurations. - -Example playbook: -```yaml -- hosts: web-servers - roles: - - nginx-global-www -``` - -## Requirements -- Ansible environment set up and configured to run roles. -- Access to the `{{nginx.directories.http.servers}}` directory on the target hosts. -- The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings. 
- -## Notes -- This role is designed to work in environments where domain and subdomain configurations follow the naming pattern `*domain.tld.conf`. -- It automatically excludes any configurations that begin with `www.`, preventing duplicate redirects. - ---- - -This `nginx-global-www` role was crafted by [Kevin Veen-Birkenbach](https://www.veen.world) with insights and guidance provided by ChatGPT, an advanced AI language model from OpenAI. The development process, including the discussions with ChatGPT that shaped this role, can be [here](https://chat.openai.com/share/a68e3574-f543-467d-aea7-0895f0e00bbb) explored in detail. \ No newline at end of file diff --git a/roles/nginx-global/tasks/main.yml b/roles/nginx-global/tasks/main.yml deleted file mode 100644 index ae1e74a1..00000000 --- a/roles/nginx-global/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -- name: Activate Global Matomo tracking - include_role: - name: nginx-global-matomo - when: global_matomo_tracking_enabled | bool and domain is defined # @todo: Do I try run without is defined checking for domain - -- name: Activate Global CSS - include_role: - name: nginx-global-css - when: - - global_theming_enabled | bool - - run_once_nginx_global_css is not defined -# - nginx-global-www Has to be loaded somehow different -# @todo implement better loading \ No newline at end of file diff --git a/roles/nginx-https/README.md b/roles/nginx-https/README.md new file mode 100644 index 00000000..257a9158 --- /dev/null +++ b/roles/nginx-https/README.md @@ -0,0 +1 @@ +This role loads the components to create an nginx server with https \ No newline at end of file diff --git a/roles/nginx-https/meta/main.yml b/roles/nginx-https/meta/main.yml index 83eb87c5..3b1b4e7d 100644 --- a/roles/nginx-https/meta/main.yml +++ b/roles/nginx-https/meta/main.yml @@ -1,3 +1,3 @@ dependencies: - nginx -- letsencrypt +- letsencrypt \ No newline at end of file 
diff --git a/roles/nginx-modifier-all/README.md b/roles/nginx-modifier-all/README.md new file mode 100644 index 00000000..5c019531 --- /dev/null +++ b/roles/nginx-modifier-all/README.md @@ -0,0 +1,29 @@ +# Nginx Global Matomo & Theming Modifier Role 🚀 + +This role enhances your Nginx configuration by conditionally injecting global Matomo tracking and theming elements into your HTML responses. It uses Nginx sub-filters to seamlessly add tracking scripts and CSS links to your web pages. + +--- + +## Features + +- **Global Matomo Tracking** + When enabled (`global_matomo_tracking_enabled` is `true`), the role includes Matomo tracking configuration and injects the corresponding tracking script into your HTML. + +- **Global Theming** + When enabled (`global_theming_enabled` is `true`), the role injects a global CSS link for consistent theming across your site. + +- **Smart Injection** + Uses Nginx's `sub_filter` to insert the tracking and theming snippets right before the closing `` tag of your HTML documents. + + +This will automatically activate Matomo tracking and/or global theming based on your configuration. + +--- + +## Author + +Developed by [Kevin Veen-Birkenbach](https://www.veen.world) 😎 + +--- + +Happy automating! 🎉 \ No newline at end of file diff --git a/roles/nginx-modifier-all/meta/main.yml b/roles/nginx-modifier-all/meta/main.yml new file mode 100644 index 00000000..8a501cf3 --- /dev/null +++ b/roles/nginx-modifier-all/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - nginx-modifier-css # Just required to load once \ No newline at end of file diff --git a/roles/nginx-modifier-all/tasks/main.yml b/roles/nginx-modifier-all/tasks/main.yml new file mode 100644 index 00000000..0b85aafe --- /dev/null +++ b/roles/nginx-modifier-all/tasks/main.yml @@ -0,0 +1,4 @@ +- name: "Activate Global Matomo Tracking for {{domain}}" + include_role: + name: nginx-modifier-matomo + when: global_matomo_tracking_enabled | bool \ No newline at end of file 
diff --git a/roles/nginx-global/templates/global.includes.conf.j2 b/roles/nginx-modifier-all/templates/global.includes.conf.j2 similarity index 54% rename from roles/nginx-global/templates/global.includes.conf.j2 rename to roles/nginx-modifier-all/templates/global.includes.conf.j2 index 49e6c2cb..66592a23 100644 --- a/roles/nginx-global/templates/global.includes.conf.j2 +++ b/roles/nginx-modifier-all/templates/global.includes.conf.j2 @@ -4,14 +4,14 @@ sub_filter_types text/html; {% if global_matomo_tracking_enabled | bool %} # Include Global Matomo Tracking - {% include 'roles/nginx-global-matomo/templates/matomo-tracking.conf.j2' %} + {% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %} {% endif %} {% if global_theming_enabled | bool or global_matomo_tracking_enabled | bool%} - sub_filter '' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-global-matomo/templates/script.j2' %}{% endif %}{% if global_theming_enabled | bool %}{% include 'roles/nginx-global-css/templates/link.j2' %}{% endif %}'; + sub_filter '' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if global_theming_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}'; {% endif %} {% if global_theming_enabled | bool %} # Include Global CSS Location - {% include 'roles/nginx-global-css/templates/location.conf.j2' %} + {% include 'roles/nginx-modifier-css/templates/location.conf.j2' %} {% endif %} diff --git a/roles/nginx-global-css/README.md b/roles/nginx-modifier-css/README.md similarity index 72% rename from roles/nginx-global-css/README.md rename to roles/nginx-modifier-css/README.md index 026cb855..4381b474 100644 --- a/roles/nginx-global-css/README.md +++ b/roles/nginx-modifier-css/README.md 
@@ -13,23 +13,6 @@ This **Ansible role** provides a **global theming solution** for Nginx-based web --- -## 📂 File Structure - -``` -. -├── tasks/ -│ ├── main.yml # Main Ansible tasks for deploying the global CSS -├── vars/ -│ ├── main.yml # Global variables (CSS paths, file names, etc.) -├── templates/ -│ ├── global.css.j2 # Jinja2 template for generating the global CSS -│ ├── location.conf.j2 # Nginx configuration for serving global.css -│ ├── sub_filter.conf.j2 # Injects the global CSS link into served pages -└── README.md # You are here 🚀 -``` - ---- - ## 🎨 Theming Details The **CSS template (`global.css.j2`)** dynamically applies the defined theme colors and ensures **Bootstrap, buttons, alerts, forms, and other UI elements** follow the **unified design**. diff --git a/roles/nginx-global-css/filter_plugins/color_filters.py b/roles/nginx-modifier-css/filter_plugins/color_filters.py similarity index 100% rename from roles/nginx-global-css/filter_plugins/color_filters.py rename to roles/nginx-modifier-css/filter_plugins/color_filters.py diff --git a/roles/nginx-modifier-css/meta/main.yml b/roles/nginx-modifier-css/meta/main.yml new file mode 100644 index 00000000..1688bdc1 --- /dev/null +++ b/roles/nginx-modifier-css/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - nginx \ No newline at end of file diff --git a/roles/nginx-global-css/tasks/main.yml b/roles/nginx-modifier-css/tasks/main.yml similarity index 70% rename from roles/nginx-global-css/tasks/main.yml rename to roles/nginx-modifier-css/tasks/main.yml index d33a8060..6689a9d6 100644 --- a/roles/nginx-global-css/tasks/main.yml +++ b/roles/nginx-modifier-css/tasks/main.yml @@ -5,7 +5,7 @@ owner: "{{nginx.user}}" group: "{{nginx.user}}" mode: '0755' - when: run_once_nginx_global_css is not defined + when: run_once_nginx_global_css is not defined and global_theming_enabled | bool - name: Deploy global.css from template template: 
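Review bot: The gate `run_once_nginx_global_css is not defined and global_theming_enabled | bool` is copied onto the directory task in the `@@ -5,7 +5,7 @@` hunk of roles/nginx-modifier-css/tasks/main.yml and onto the three tasks in the following `@@ -14,18 +14,18 @@` hunk, so one copy can drift from the others on the next edit. Wrapping the four tasks in one `block:` with a single list-form `when:` (`- run_once_nginx_global_css is not defined` and `- global_theming_enabled | bool`) states the condition once. The closing "Mark global css tasks as run once" task lies outside both hunks, so whether it is gated the same way cannot be checked from here. The flag also still carries the old `nginx_global_css` name after the role was renamed to `nginx-modifier-css`; a comment noting that this is deliberate would help.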
@@ -14,18 +14,18 @@ owner: "{{nginx.user}}" group: "{{nginx.user}}" mode: '0644' - when: run_once_nginx_global_css is not defined + when: run_once_nginx_global_css is not defined and global_theming_enabled | bool - name: Get stat for global.css destination file stat: path: "{{ global_css_destination }}" register: global_css_stat - when: run_once_nginx_global_css is not defined + when: run_once_nginx_global_css is not defined and global_theming_enabled | bool - name: Set global_css_version to file modification time set_fact: global_css_version: "{{ global_css_stat.stat.mtime }}" - when: run_once_nginx_global_css is not defined + when: run_once_nginx_global_css is not defined and global_theming_enabled | bool - name: Mark global css tasks as run once set_fact: diff --git a/roles/nginx-global-css/templates/global.css.j2 b/roles/nginx-modifier-css/templates/global.css.j2 similarity index 100% rename from roles/nginx-global-css/templates/global.css.j2 rename to roles/nginx-modifier-css/templates/global.css.j2 diff --git a/roles/nginx-global-css/templates/link.j2 b/roles/nginx-modifier-css/templates/link.j2 similarity index 100% rename from roles/nginx-global-css/templates/link.j2 rename to roles/nginx-modifier-css/templates/link.j2 diff --git a/roles/nginx-global-css/templates/location.conf.j2 b/roles/nginx-modifier-css/templates/location.conf.j2 similarity index 100% rename from roles/nginx-global-css/templates/location.conf.j2 rename to roles/nginx-modifier-css/templates/location.conf.j2 diff --git a/roles/nginx-global-css/vars/main.yml b/roles/nginx-modifier-css/vars/main.yml similarity index 100% rename from roles/nginx-global-css/vars/main.yml rename to roles/nginx-modifier-css/vars/main.yml diff --git a/roles/nginx-global-matomo/README.md b/roles/nginx-modifier-matomo/README.md similarity index 100% rename from roles/nginx-global-matomo/README.md rename to roles/nginx-modifier-matomo/README.md 
diff --git a/roles/nginx-modifier-matomo/meta/main.yml b/roles/nginx-modifier-matomo/meta/main.yml new file mode 100644 index 00000000..2cddab86 --- /dev/null +++ b/roles/nginx-modifier-matomo/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - docker-matomo + - nginx \ No newline at end of file diff --git a/roles/nginx-global-matomo/tasks/main.yml b/roles/nginx-modifier-matomo/tasks/main.yml similarity index 62% rename from roles/nginx-global-matomo/tasks/main.yml rename to roles/nginx-modifier-matomo/tasks/main.yml index c987b3ac..e6bfa620 100644 --- a/roles/nginx-global-matomo/tasks/main.yml +++ b/roles/nginx-modifier-matomo/tasks/main.yml @@ -1,11 +1,23 @@ -- name: Check if site already exists in Matomo +- name: "Relevant variables for role: {{ role_path | basename }}" + debug: + msg: + domain: "{{ domain }}" + base_domain: "{{ base_domain }}" + verification_url: "{{ verification_url }}" + when: enable_debug | bool + +- name: Check if site {{ domain }} is allready registered at Matomo uri: - url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}" - method: GET + url: "{{verification_url}}" + method: GET return_content: yes - status_code: 200 + status_code: 200 validate_certs: yes - register: site_check + register: site_check + +- name: Set matomo_site_id to Null + set_fact: + matomo_site_id: Null - name: Set fact for site ID if site already exists set_fact: @@ -22,12 +34,12 @@ return_content: yes validate_certs: yes register: add_site - when: "matomo_site_id is not defined" + when: "matomo_site_id is not defined or matomo_site_id is none" - name: Set fact for site ID if site was added set_fact: matomo_site_id: "{{ add_site.json.value }}" - when: "matomo_site_id is not defined" + when: "matomo_site_id is not defined or matomo_site_id is none" - name: Set the Matomo tracking code from a template file set_fact: 
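Review bot: The debug task added at the top of roles/nginx-modifier-matomo/tasks/main.yml prints `verification_url`, and that variable (introduced in the roles/nginx-modifier-matomo/vars/main.yml hunk) embeds `token_auth={{matomo_auth_token}}`. Every run with `enable_debug` on therefore writes the Matomo API token to the Ansible output and to any CI or callback log that captures it. Remove the `verification_url: "{{ verification_url }}"` entry from the debug `msg`, and add `no_log: true` to the `uri` task that requests it, since the module returns the requested URL in its result and shows it on failure or at higher verbosity. Sending `token_auth` in a POST body instead of the query string would also keep it out of the web server's access log. The add-site task further down is only partly visible in the second hunk; if it builds its URL the same way, it needs the same treatment.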
diff --git a/roles/nginx-global-matomo/templates/matomo-tracking.conf.j2 b/roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2 similarity index 100% rename from roles/nginx-global-matomo/templates/matomo-tracking.conf.j2 rename to roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2 diff --git a/roles/nginx-global-matomo/templates/matomo-tracking.js.j2 b/roles/nginx-modifier-matomo/templates/matomo-tracking.js.j2 similarity index 100% rename from roles/nginx-global-matomo/templates/matomo-tracking.js.j2 rename to roles/nginx-modifier-matomo/templates/matomo-tracking.js.j2 diff --git a/roles/nginx-global-matomo/templates/script.j2 b/roles/nginx-modifier-matomo/templates/script.j2 similarity index 100% rename from roles/nginx-global-matomo/templates/script.j2 rename to roles/nginx-modifier-matomo/templates/script.j2 diff --git a/roles/nginx-modifier-matomo/vars/main.yml b/roles/nginx-modifier-matomo/vars/main.yml new file mode 100644 index 00000000..60ac38e5 --- /dev/null +++ b/roles/nginx-modifier-matomo/vars/main.yml @@ -0,0 +1,2 @@ +base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}" +verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}" \ No newline at end of file diff --git a/roles/nginx-domain-redirect/README.md b/roles/nginx-redirect-domain/README.md similarity index 64% rename from roles/nginx-domain-redirect/README.md rename to roles/nginx-redirect-domain/README.md index 555494dc..84466d85 100644 --- a/roles/nginx-domain-redirect/README.md +++ b/roles/nginx-redirect-domain/README.md 
@@ -2,12 +2,6 @@ This Ansible role configures Nginx to perform 301 redirects from one domain to another. It handles SSL certificate retrieval for the source domains and sets up the Nginx configuration to redirect to the specified target domains. -## Requirements - -- Ansible 2.9 or higher -- Nginx installed on the target machine -- Let's Encrypt for SSL certificate management - ## Role Variables - `domain_mappings`: A list of objects with `source` and `target` properties specifying the domains to redirect from and to. @@ -18,13 +12,5 @@ This Ansible role configures Nginx to perform 301 redirects from one domain to a - `nginx-https`: A role for setting up HTTPS for Nginx - `letsencrypt`: A role for managing SSL certificates with Let's Encrypt -## Example Playbook - -```yaml -- hosts: servers - roles: - - { role: nginx-domain-redirect, domain_mappings: [ {source: 'example.com', target: 'newdomain.com'} ] } -`````` - ## Author Information -This role was created in 2023 by Kevin Veen Birkenbach. \ No newline at end of file +This role was created in 2023 by [Kevin Veen-Birkenbach](https://www.veen.world/). \ No newline at end of file diff --git a/roles/nginx-domain-redirect/meta/main.yml b/roles/nginx-redirect-domain/meta/main.yml similarity index 100% rename from roles/nginx-domain-redirect/meta/main.yml rename to roles/nginx-redirect-domain/meta/main.yml diff --git a/roles/nginx-domain-redirect/tasks/main.yml b/roles/nginx-redirect-domain/tasks/main.yml similarity index 100% rename from roles/nginx-domain-redirect/tasks/main.yml rename to roles/nginx-redirect-domain/tasks/main.yml diff --git a/roles/nginx-domain-redirect/templates/redirect.domain.nginx.conf.j2 b/roles/nginx-redirect-domain/templates/redirect.domain.nginx.conf.j2 similarity index 100% rename from roles/nginx-domain-redirect/templates/redirect.domain.nginx.conf.j2 rename to roles/nginx-redirect-domain/templates/redirect.domain.nginx.conf.j2 
diff --git a/roles/nginx-redirect-www/README.md b/roles/nginx-redirect-www/README.md
new file mode 100644
index 00000000..d184c2bd
--- /dev/null
+++ b/roles/nginx-redirect-www/README.md
@@ -0,0 +1,22 @@
+# nginx-redirect-www
+
+## Overview
+The `nginx-redirect-www` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
+
+## Role Description
+This role performs several key tasks:
+1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
+
+2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path.
+
+3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`.
+
+4. **Include nginx-redirect-domain Role**: Applies the redirection configuration using the `nginx-redirect-domain` role with the dynamically generated domain mappings.
+
+## Notes
+- This role is designed to work in environments where domain and subdomain configurations follow the naming pattern `*domain.tld.conf`.
+- It automatically excludes any configurations that begin with `www.`, preventing duplicate redirects.
+
+---
+
+This `nginx-redirect-www` role was crafted by [Kevin Veen-Birkenbach](https://www.veen.world) with insights and guidance provided by ChatGPT, an advanced AI language model from OpenAI. The development process, including the discussions with ChatGPT that shaped this role, can be [here](https://chat.openai.com/share/a68e3574-f543-467d-aea7-0895f0e00bbb) explored in detail.
\ No newline at end of file
diff --git a/roles/nginx-global-www/meta/main.yml b/roles/nginx-redirect-www/meta/main.yml similarity index 100% rename from roles/nginx-global-www/meta/main.yml rename to roles/nginx-redirect-www/meta/main.yml diff --git a/roles/nginx-global-www/tasks/main.yml b/roles/nginx-redirect-www/tasks/main.yml similarity index 94% rename from roles/nginx-global-www/tasks/main.yml rename to roles/nginx-redirect-www/tasks/main.yml index 1bdb700d..5acad25a 100644 --- a/roles/nginx-global-www/tasks/main.yml +++ b/roles/nginx-redirect-www/tasks/main.yml @@ -30,9 +30,9 @@ var: filtered_domains_with_primary_domain when: enable_debug | bool -- name: Include nginx-domain-redirect role with dynamic domain mappings for domains with {{primary_domain}} included +- name: Include nginx-redirect-domain role with dynamic domain mappings for domains with {{primary_domain}} included include_role: - name: nginx-domain-redirect + name: nginx-redirect-domain vars: domain_mappings: "{{ filtered_domains_with_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}" when: not enable_wildcard_certificate | bool @@ -57,9 +57,9 @@ var: filtered_domains_without_primary_domain when: enable_debug | bool -- name: Include nginx-domain-redirect role with dynamic domain mappings for domains without primary domain +- name: Include nginx-redirect-domain role with dynamic domain mappings for domains without primary domain include_role: - name: nginx-domain-redirect + name: nginx-redirect-domain vars: domain_mappings: "{{ filtered_domains_without_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}" diff --git a/roles/nginx-global-www/templates/www.wildcard.conf.j2 b/roles/nginx-redirect-www/templates/www.wildcard.conf.j2 similarity index 100% rename from roles/nginx-global-www/templates/www.wildcard.conf.j2 rename to roles/nginx-redirect-www/templates/www.wildcard.conf.j2 
diff --git a/roles/nginx-global-www/vars/main.yml b/roles/nginx-redirect-www/vars/main.yml similarity index 100% rename from roles/nginx-global-www/vars/main.yml rename to roles/nginx-redirect-www/vars/main.yml diff --git a/roles/nginx-static-repository/README.md b/roles/nginx-static-repository/README.md index 64944dc6..5ddf598a 100644 --- a/roles/nginx-static-repository/README.md +++ b/roles/nginx-static-repository/README.md @@ -2,32 +2,5 @@ This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt, and cloning the homepage content from a Git repository. -## Requirements - -- Ansible 2.9 or higher -- Nginx installed on the target machine -- Git installed on the target machine (if cloning a repo) -- `nginx-https` and `git` roles available or configured if they are used as dependencies - -## Role Variables - -- `nginx.directories.homepage`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`) -- `domain`: The domain name for the Nginx server configuration -- `administrator_email`: The email used for SSL certificate registration with Let's Encrypt -- `nginx_static_repository_address`: The Git repository address containing the homepage content - -## Dependencies - -- `nginx-https`: A role for setting up an HTTPS server -- `git`: A role for installing Git - -## Example Playbook - -```yaml -- hosts: servers - roles: - - { role: nginx-static-repository, domain: 'example.com', administrator_email: 'admin@example.com' } -``` - ## Author Information -This role was created in 2023 by Kevin Veen Birkenbach. \ No newline at end of file +This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/). \ No newline at end of file diff --git a/roles/nginx-static-repository/templates/static.nginx.conf.j2 b/roles/nginx-static-repository/templates/static.nginx.conf.j2 index 3af422b0..3b40348c 100644 
--- a/roles/nginx-static-repository/templates/static.nginx.conf.j2 +++ b/roles/nginx-static-repository/templates/static.nginx.conf.j2 @@ -5,7 +5,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% include 'roles/nginx-global/templates/global.includes.conf.j2'%} + {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} charset utf-8; location / diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml index 4bb39261..131a655c 100644 --- a/roles/nginx/meta/main.yml +++ b/roles/nginx/meta/main.yml @@ -1,3 +1,2 @@ dependencies: - - health-nginx - - nginx-global + - health-nginx \ No newline at end of file diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 8f6aba2f..4b869db2 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -33,16 +33,6 @@ notify: restart nginx when: run_once_nginx is not defined -# Activated due to the reason that certificate management should be part of role nginx-https -# I don't know why this is activated here. -# Propably solved on 2025-02-15 . Please remove latest on 2025-12-31 if no errors appear or earlier -# -#- name: "include task certbot-and-globals.yml" -# include_tasks: certbot-and-globals.yml -# vars: -# domain: "{{primary_domain}}" -# when: run_once_nginx is not defined - - name: flush nginx service meta: flush_handlers when: run_once_nginx is not defined