From 0ffb77ef1c947271b11f1187ad42d7d2d6be1aa6 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 27 Jul 2019 10:47:58 +0200
Subject: [PATCH] remove nginx integration
---
 defaults/main.yml | 11 ----------
 handlers/main.yml | 9 --------
 tasks/main.yml | 2 --
 tasks/nginx.yml | 47 ----------------------------------------
 templates/nginx/vhost.j2 | 38 --------------------------------
 5 files changed, 107 deletions(-)
 delete mode 100644 tasks/nginx.yml
 delete mode 100644 templates/nginx/vhost.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index f1a12ca..0f34ed7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -155,14 +155,3 @@ matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
 matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
 matrix_tls_cert_source: mycert.pem
 matrix_tls_key_source: mykey.pem
-
-matrix_nginx_vhost_enabled: False
-matrix_nginx_server: localhost
-matrix_nginx_vhost_dir: /etc/nginx/sites-available
-matrix_nginx_vhost_symlink: /etc/nginx/sites-enabled
-matrix_nginx_iptables_enabled: False
-matrix_nginx_tls_enabled: False
-matrix_nginx_tls_cert_file: matrix-cert.pem
-matrix_nginx_tls_key_file: matrix-key.pem
-matrix_nginx_proxy_port: "{{ matrix_http_bind_port }}"
-matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"
diff --git a/handlers/main.yml b/handlers/main.yml
index b317d34..2a70b6e 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -8,12 +8,3 @@
 listen: __matrix_restart
 become: True
 become_user: root
-
-- name: Reload nginx
- systemd:
- state: reloaded
- name: nginx
- listen: __nginx_reload
- delegate_to: "{{ matrix_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index fc4501a..802d1d4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,4 @@
 - import_tasks: tls.yml
 when: matrix_tls_enabled | bool
 tags: tls_renewal
-- import_tasks: nginx.yml
- when: matrix_nginx_vhost_enabled | bool
 - include_tasks: post_tasks.yml
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index 4e2714c..0000000
--- a/tasks/nginx.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-- block:
- - name: Copy certs and private key to nginx proxy
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ matrix_tls_key_source }}", dest: '/etc/pki/tls/private/{{ matrix_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ matrix_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ matrix_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- delegate_to: "{{ matrix_nginx_server }}"
- when: matrix_nginx_tls_enabled | bool
- become: True
- become_user: root
- tags: tls_renewal
-
-- block:
- - name: Add vhost configuration file
- template:
- src: nginx/vhost.j2
- dest: "{{ matrix_nginx_vhost_dir }}/matrix"
- owner: root
- group: root
- mode: 0640
- notify: __nginx_reload
-
- - name: Enable matrix vhost
- file:
- src: "{{ matrix_nginx_vhost_dir }}/matrix"
- dest: "{{ matrix_nginx_vhost_symlink }}/matrix"
- owner: root
- group: root
- state: link
- notify: __nginx_reload
- when: matrix_nginx_vhost_symlink is defined
-
- - name: Open ports in iptables
- iptables_raw:
- name: allow_matrix_nginx_proxy
- state: "{{ 'present' if matrix_nginx_iptables_enabled else 'absent' }}"
- rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ matrix_nginx_proxy_ip }} --dport {{ matrix_nginx_proxy_port }} -j ACCEPT'
- delegate_to: "{{ matrix_nginx_server }}"
- become: True
- become_user: root
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
deleted file mode 100644
index 497e644..0000000
--- a/templates/nginx/vhost.j2
+++ /dev/null
@@ -1,38 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_matrix {
- server {{ matrix_nginx_proxy_ip }}:{{ matrix_nginx_proxy_port }};
-}
-
-server {
- listen 80;
- server_name {{ matrix_client_url | urlsplit('hostname') }};
-
- client_max_body_size 200M;
-
- {% if matrix_nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- location / {
- proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- {% endif %}
-}
-
-{% if matrix_nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ matrix_client_url | urlsplit('hostname') }};
-
- client_max_body_size 200M;
-
- location / {
- proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ matrix_nginx_tls_cert_file }};
- ssl_certificate_key /etc/pki/tls/private/{{ matrix_nginx_tls_key_file }};
-}
-{% endif %}