Update to 2022-02-09 17:00

2022-02-09 17:00:06 +01:00 · 2022-02-09 17:00:06 +01:00 · 6f6d3b7382
parent 00b3d728c8
commit 6f6d3b7382
9 changed files with 75 additions and 74 deletions
--- a/roles/nginx/tasks/conf.yml
+++ b/roles/nginx/tasks/conf.yml
@ -20,7 +20,7 @@
    - ansible_conf.d/10-ssl.conf
    - ansible_conf.d/30-vhosts.conf
  notify: reload nginx
-  tags: [web,conf]
+  tags: web,conf,quickweb

 - name: Remove naxsi configuration
  file: path=/etc/nginx/{{ item }} state=absent
@ -37,7 +37,7 @@
    - ansible_conf.d/10-filter.conf
    - ansible_conf.d/headers.inc
  notify: reload nginx
-  tags: [web,conf]
+  tags: web,conf

  # TODO make it configurable
 - name: Create dummy white and blacklist files for nginx
--- a/roles/nginx/tasks/facts.yml
+++ b/roles/nginx/tasks/facts.yml
@ -1,32 +1,32 @@
 ---
 - name: List http ports
  set_fact: nginx_ports={{ nginx_ports + (nginx_vhosts | selectattr('port','defined') | map(attribute='port') | list) | flatten | unique }}
-  tags: [firewall,web]
+  tags: firewall,web,quickweb

 - name: List https ports
  set_fact: nginx_ssl_ports={{ nginx_ssl_ports + (nginx_vhosts | selectattr('ssl','defined') | selectattr('ssl.port','defined') | map(attribute='ssl.port') | list) | flatten | unique }}
-  tags: [firewall,web]
+  tags: firewall,web,quickweb

 - set_fact: nginx_cert_path={{ '/var/lib/dehydrated/certificates/certs/' + nginx_letsencrypt_cert + '/fullchain.pem' }}
  when: nginx_letsencrypt_cert is defined
-  tags: [web,conf]
+  tags: web,conf,quickweb
 - set_fact: nginx_key_path={{ '/var/lib/dehydrated/certificates/certs/' + nginx_letsencrypt_cert + '/privkey.pem' }}
  when: nginx_letsencrypt_cert is defined
-  tags: [web,conf]
+  tags: web,conf,quickweb

 - name: Merge vhosts settings with defaults
  set_fact: nginx_vhosts_conf={{ nginx_vhosts_conf | default([]) + [ nginx_default_vhost | combine(item, recursive=True) ] }}
  with_items: "{{ nginx_vhosts }}"
-  tags: [web,conf]
+  tags: web,conf,quickweb
 - set_fact: nginx_vhosts={{ nginx_vhosts_conf | default([]) }}
-  tags: [web,conf]
+  tags: web,conf,quickweb

 - name: Check if Lemonldap::NG is installed
  stat: path=/etc/lemonldap-ng/lemonldap-ng.ini
  register: nginx_llng
-  tags: web
+  tags: web,quickweb

 - name: Check if llng_header.inc conf is installed
  stat: path=/etc/nginx/ansible_conf.d/llng_headers.inc
  register: nginx_llng_headers
-  tags: web
+  tags: web,quickweb
--- a/roles/nginx/templates/ansible_conf.d/09-cacheable.conf.j2
+++ b/roles/nginx/templates/ansible_conf.d/09-cacheable.conf.j2
@ -10,6 +10,7 @@ map $sent_http_content_type $is_client_cacheable {
  application/font-sfnt               1;
  font/ttf                            1;
  font/opentype                       1;
+  font/woff                           1;
  font/woff2                          1;
  application/font-woff               1;
  application/vnd.ms-fontobject       1;
@ -21,6 +22,6 @@ map $request_uri $is_proxy_cacheable {
  ~*\.(png|jpe?g|bmp|gif|webp)$       1;
  ~*\.(js|css|txt)$                   1;
  ~*\.(pdf)$                          1;
-  ~*\.(ttf|ott|woff2)$                1;
+  ~*\.(ttf|ott|woff?2)$               1;
  ~*\.(mp3|mp4|avi|mpe?g|mov|flv)$    1;
 }
--- a/roles/system_proxy/defaults/main.yml
+++ b/roles/system_proxy/defaults/main.yml
@ -1,10 +1,21 @@
 ---

+# System proxy to use. If undefined or set to an empty string
+# proxy will be disabled
 # system_proxy: http://proxyout.example.org:3128
+
+# List of hosts for which no proxy should be used
 system_proxy_base_no_proxy:
  - 127.0.0.1
  - localhost
  - "{{ inventory_hostname | regex_replace('^([^.]+)\\..*','\\1') }}"
  - "{{ inventory_hostname }}"
+# Can be used to add no_proxy hosts without overriding the default ones
 system_proxy_extra_no_proxy: []
 system_proxy_no_proxy: "{{ system_proxy_base_no_proxy + system_proxy_extra_no_proxy }}"
+
+# List of protocols for which env variables will be set (if a proxy is configured)
+system_proxy_proto:
+  - http
+  - https
+  - ftp
--- a/roles/system_proxy/tasks/Debian.yml
+++ b/roles/system_proxy/tasks/Debian.yml
@ -0,0 +1,17 @@
+---
+
+- name: Config proxy for apt
+  copy:
+    content: |
+      Acquire::http::Proxy "{{ system_proxy }}";
+      Acquire::https::Proxy "{{ system_proxy }}";
+    dest: /etc/apt/apt.conf.d/10proxy
+  when:
+    - system_proxy is defined
+    - system_proxy != ''
+  tags: proxy
+
+- name: Remove proxy from apt config
+  file: path=/etc/apt/apt.conf.d/10proxy state=absent
+  when: system_proxy is not defined or system_proxy == ''
+  tags: proxy
--- a/roles/system_proxy/tasks/RedHat.yml
+++ b/roles/system_proxy/tasks/RedHat.yml
@ -0,0 +1,20 @@
+---
+
+- name: Configure proxy for yum
+  ini_file:
+    path: /etc/yum.conf
+    section: main
+    option: proxy
+    value: "{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
+    state: "{{ (system_proxy is defined and system_proxy != '') | ternary('present','absent') }}"
+  tags: proxy
+
+- name: Configure proxy for dnf
+  ini_file:
+    path: /etc/dnf/yum.conf
+    section: main
+    option: proxy
+    value: "{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
+    state: "{{ (system_proxy is defined and system_proxy != '') | ternary('present','absent') }}"
+  when: ansible_distribution_major_version is version('8', '>=')
+  tags: proxy
--- a/roles/system_proxy/tasks/main.yml
+++ b/roles/system_proxy/tasks/main.yml
@ -10,13 +10,7 @@
    regexp: "^{{ item }}=.*"
    line: "{{ item }}={{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
    state: "{{ (system_proxy is defined and system_proxy != '') | ternary('present','absent') }}"
-  with_items:
-    - http_proxy
-    - HTTP_PROXY
-    - https_proxy
-    - HTTPS_PROXY
-    - ftp_proxy
-    - FTP_PROXY
+  with_items: "{{ system_proxy_proto | map('regex_replace', '^(.*)$', '\\1_proxy') | list }} + {{ system_proxy_proto | map('regex_replace', '^(.*)$', '\\1_proxy') | map('upper') | list }}"
  tags: proxy

 - name: Set proxy exceptions
@ -30,55 +24,15 @@
    - NO_PROXY
  tags: proxy

- name: Creates systemd.conf.d dir
-  file: path=/etc/systemd/system.conf.d state=directory
-  when: ansible_service_mgr == 'systemd'
+- when: ansible_service_mgr == 'systemd'
+  block:
+    - name: Creates systemd.conf.d dir
+      file: path=/etc/systemd/system.conf.d state=directory
+
+    - name: Deploy a systemd snippet for default proxy
+      template: src=systemd.conf.j2 dest=/etc/systemd/system.conf.d/proxy.conf
+      notify: reload systemd
  tags: proxy

- name: Deploy a systemd snippet for default proxy
-  template: src=systemd.conf.j2 dest=/etc/systemd/system.conf.d/proxy.conf
-  notify: reload systemd
-  when: ansible_service_mgr == 'systemd'
-  tags: proxy
-
- name: Configure proxy for yum
-  ini_file:
-    path: /etc/yum.conf
-    section: main
-    option: proxy
-    value: "{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
-    state: "{{ (system_proxy is defined and system_proxy != '') | ternary('present','absent') }}"
-  when: ansible_os_family == 'RedHat'
-  tags: proxy
-
- name: Configure proxy for dnf
-  ini_file:
-    path: /etc/dnf/yum.conf
-    section: main
-    option: proxy
-    value: "{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
-    state: "{{ (system_proxy is defined and system_proxy != '') | ternary('present','absent') }}"
-  when:
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_major_version is version('8', '>=')
-  tags: proxy
-
- name: Config proxy for apt
-  copy:
-    content: |
-      Acquire::http::Proxy "{{ system_proxy }}";
-      Acquire::https::Proxy "{{ system_proxy }}";
-    dest: /etc/apt/apt.conf.d/10proxy
-  when:
-    - ansible_os_family == 'Debian'
-    - system_proxy is defined
-    - system_proxy != ''
-  tags: proxy
-
- name: Remove proxy from apt config
-  file: path=/etc/apt/apt.conf.d/10proxy state=absent
-  when:
-    - ansible_os_family == 'Debian'
-    - system_proxy is not defined or system_proxy == ''
-  tags: proxy
+- include: "{{ ansible_os_family }}.yml"

--- a/roles/system_proxy/templates/proxy.sh.j2
+++ b/roles/system_proxy/templates/proxy.sh.j2
@ -1,12 +1,10 @@
 #!/bin/bash

 {% if system_proxy is defined and system_proxy != '' %}
-export http_proxy={{ system_proxy }}
-export https_proxy={{ system_proxy }}
-export ftp_proxy={{ system_proxy }}
-export HTTP_PROXY={{ system_proxy }}
-export HTTPS_PROXY={{ system_proxy }}
-export FTP_PROXY={{ system_proxy }}
+{% for proto in system_proxy_proto %}
+export {{ proto }}_proxy={{ system_proxy }}
+export {{ proto | upper }}_PROXY={{ system_proxy }}
+{% endfor %}
 export no_proxy='{{ system_proxy_no_proxy | join(',') }}'
 export NO_PROXY='{{ system_proxy_no_proxy | join(',') }}'
 {% endif %}
--- a/roles/system_proxy/templates/systemd.conf.j2
+++ b/roles/system_proxy/templates/systemd.conf.j2
@ -1,6 +1,6 @@
 [Manager]
 {% if system_proxy is defined  and system_proxy != '' %}
-DefaultEnvironment=http_proxy={{ system_proxy }} https_proxy={{ system_proxy }} ftp_proxy={{ system_proxy }} HTTP_PROXY={{ system_proxy }} HTTPS_PROXY={{ system_proxy }} FTP_PROXY={{ system_proxy }} no_proxy={{ system_proxy_no_proxy | join(',') }} NO_PROXY={{ system_proxy_no_proxy | join(',') }}
+DefaultEnvironment={% for proto in system_proxy_proto %}{{ proto }}_proxy={{ system_proxy }} {{ proto | upper }}_PROXY={{ system_proxy }} {% endfor %}no_proxy={{ system_proxy_no_proxy | join(',') }} NO_PROXY={{ system_proxy_no_proxy | join(',') }}
 {% else %}
 # No proxy configured
 {% endif %}