diff --git a/defaults/main.yml b/defaults/main.yml
index 80de6ef..ba4b41a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -67,23 +67,6 @@ droneci_gitea_skip_verify: False
 # droneci_gitea_oauth_client_id: 1111-222-33333-44444 # defaults to not set
 # droneci_gitea_oauth_client_secret: 1234abcd5678efgh # defaults to not set
 
-droneci_tls_cert_path: droneci.pem
-droneci_tls_key_path: droneci.pem
-droneci_tls_cert_source: mycert.pem
-droneci_tls_key_source: mykey.pem
-
-droneci_nginx_vhost_enabled: False
-droneci_nginx_tls_enabled: True
-droneci_nginx_server: myinventoryname
-droneci_nginx_vhost_dir: /etc/nginx/sites-available
-droneci_nginx_vhost_symlink: /etc/nginx/sites-enabled
-droneci_nginx_iptables_enabled: False
-droneci_server_name: droneci.example.com
-droneci_server_ip: 127.0.0.1
-droneci_server_http_port: 8080
-droneci_server_proxy_port: "{{ droneci_server_http_port }}"
-droneci_server_proxy_protocol: http
-
 # droneci_admin: # defaults to not set
 # droneci_http_proxy: # defaults to not set
 # droneci_https_proxy: # defaults to not set
diff --git a/handlers/main.yml b/handlers/main.yml
index 1acfc2f..64b13de 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -7,11 +7,3 @@
 listen: __drone_restart
 become: True
 become_user: root
-
-- name: Reload nginx
- systemd:
- state: reloaded
- name: nginx
- listen: __nginx_reload
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 6ebc669..5e4452e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
 - import_tasks: prepare.yml
 - import_tasks: setup.yml
-- import_tasks: nginx.yml
 - import_tasks: post.yml
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index 3984b02..0000000
--- a/tasks/nginx.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- block:
- - name: Copy certs and private key to nginx proxy
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ droneci_tls_key_source }}", dest: '/etc/pki/tls/private/{{ droneci_tls_key_path | basename }}', mode: '0600' }
- - { src: "{{ droneci_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ droneci_tls_cert_path | basename }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- delegate_to: "{{ droneci_nginx_server }}"
- become: True
- become_user: root
- when: droneci_nginx_tls_enabled | bool
- tags: tls_renewal
-
-- block:
- - name: Add vhost configuration file
- template:
- src: nginx/vhost.j2
- dest: "{{ droneci_nginx_vhost_dir }}/droneci"
- owner: root
- group: root
- mode: 0640
- notify: __nginx_reload
-
- - name: Enable droneci vhost
- file:
- src: "{{ droneci_nginx_vhost_dir }}/droneci"
- dest: "{{ droneci_nginx_vhost_symlink }}/droneci"
- owner: root
- group: root
- state: link
- notify: __nginx_reload
- when: droneci_nginx_vhost_symlink is defined
- delegate_to: "{{ droneci_nginx_server }}"
- become: True
- become_user: root
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
deleted file mode 100644
index eb4d8b3..0000000
--- a/templates/nginx/vhost.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_drone {
- server {{ droneci_server_ip }}:{{ droneci_server_proxy_port }};
-}
-
-server {
- listen 80;
- server_name {{ droneci_server_name | urlsplit('hostname') }};
-
- {% if droneci_nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- location / {
- proxy_pass {{ droneci_server_proxy_protocol }}://backend_drone;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- {% endif %}
-}
-
-{% if droneci_nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ droneci_server_name | urlsplit('hostname') }};
-
- location / {
- proxy_pass {{ droneci_server_proxy_protocol }}://backend_drone;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ droneci_tls_key_path | basename }};
- ssl_certificate_key /etc/pki/tls/private/{{ droneci_tls_key_path | basename }};
-}
-{% endif %}