diff --git a/defaults/main.yml b/defaults/main.yml
index 8b8b858..0e76e2a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -94,16 +94,5 @@ gitea_mail_service_from: '"System" '
 gitea_tls_enabled: False
 gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem"
 gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem"
-gitea_tls_source_use_content: False
-gitea_tls_source_use_files: True
 gitea_tls_cert_source: mycert.pem
 gitea_tls_key_source: mykey.pem
-
-gitea_nginx_vhost_enabled: False
-gitea_nginx_server: localhost
-gitea_nginx_vhost_dir: /etc/nginx/sites-available
-gitea_nginx_vhost_symlink: /etc/nginx/sites-enabled
-gitea_nginx_iptables_enabled: False
-gitea_nginx_tls_enabled: False
-gitea_nginx_tls_cert_file: gitea-cert.pem
-gitea_nginx_tls_key_file: gitea-key.pem
diff --git a/handlers/main.yml b/handlers/main.yml
index e566671..e477889 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -8,12 +8,3 @@
 listen: __gitea_restart
 become: True
 become_user: root
-
-- name: Reload nginx
- systemd:
- state: reloaded
- name: nginx
- listen: __nginx_reload
- delegate_to: "{{ gitea_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 5988201..e47458a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,4 @@
 - import_tasks: tls.yml
 when: gitea_tls_enabled
 tags: tls_renewal
-- import_tasks: nginx.yml
- when: gitea_nginx_vhost_enabled
 - include_tasks: post_tasks.yml
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index 427954c..0000000
--- a/tasks/nginx.yml
+++ /dev/null
@@ -1,62 +0,0 @@
----
-- block:
- - name: Copy certs and private key to nginx proxy (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ gitea_tls_key_source }}", dest: '/etc/pki/tls/private/{{ gitea_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ gitea_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ gitea_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- when: gitea_tls_source_use_content
-
- - name: Copy certs and private key to nginx proxy (files)
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ gitea_tls_key_source }}", dest: '/etc/pki/tls/private/{{ gitea_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ gitea_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ gitea_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- when: gitea_tls_source_use_files
- delegate_to: "{{ gitea_nginx_server }}"
- when: gitea_nginx_tls_enabled
- become: True
- become_user: root
- tags: tls_renewal
-
-- block:
- - name: Add vhost configuration file
- template:
- src: nginx/vhost.j2
- dest: "{{ gitea_nginx_vhost_dir }}/gitea"
- owner: root
- group: root
- mode: 0640
- notify: __nginx_reload
-
- - name: Enable gitea vhost
- file:
- src: "{{ gitea_nginx_vhost_dir }}/gitea"
- dest: "{{ gitea_nginx_vhost_symlink }}/gitea"
- owner: root
- group: root
- state: link
- notify: __nginx_reload
- when: gitea_nginx_vhost_symlink is defined
-
- - name: Open ports in iptables
- iptables_raw:
- name: allow_gitea_nginx_proxy
- state: present
- rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ gitea_bind_ip }} --dport {{ gitea_bind_port }} -j ACCEPT'
- when: gitea_nginx_iptables_enabled
- delegate_to: "{{ gitea_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 8b5755d..10250b1 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -14,7 +14,7 @@
 become_user: root
 - block:
- - name: Copy certs and private key (file)
+ - name: Copy certs and private key
 copy:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
@@ -24,20 +24,5 @@
 - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
 loop_control:
 label: "{{ item.dest }}"
- register: __gitea_certs_file
- when: gitea_tls_source_use_files
-
- - name: Copy certs and private key (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
- - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- register: __gitea_certs_content
- when: gitea_tls_source_use_content
 become: True
 become_user: "{{ gitea_user }}"
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
deleted file mode 100644
index dd750bd..0000000
--- a/templates/nginx/vhost.j2
+++ /dev/null
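Review bot: The second tasks/tls.yml hunk drops `register: __gitea_certs_file` from the surviving copy task without adding a `notify`, so nothing in this hunk ties a changed certificate or key on the target to a Gitea restart; if a later task outside the hunk still reads `__gitea_certs_file.changed` it is now undefined, and if nothing does, a renewed certificate sits on disk unused until Gitea is restarted by other means. handlers/main.yml still has a handler listening on `__gitea_restart`, so the smallest fix is to add `notify: __gitea_restart` to the copy task next to `loop_control:`. This matters most for the `tls_renewal` tag on the `import_tasks: tls.yml` line in tasks/main.yml, where the TLS tasks can run on their own. The enclosing `- block:` starts in the first hunk and its `become_user: "{{ gitea_user }}"` closes it as context at the end of the second.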
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_gitea {
- server {{ gitea_bind_ip }}:{{ gitea_bind_port }};
-}
-
-server {
- listen 80;
- server_name {{ gitea_listen_address | urlsplit('hostname') }};
-
- {% if gitea_nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- location / {
- proxy_pass {{ 'https' if gitea_tls_enabled else 'http' }}://backend_gitea;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- {% endif %}
-}
-
-{% if gitea_nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ gitea_listen_address | urlsplit('hostname') }};
-
- location / {
- proxy_pass {{ 'https' if gitea_tls_enabled else 'http' }}://backend_gitea;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ gitea_nginx_tls_cert_file }};
- ssl_certificate_key /etc/pki/tls/private/{{ gitea_nginx_tls_key_file }};
-}
-{% endif %}