From ad7400c02b2aea1dd30d4e859c68b1cba7501555 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Wed, 28 Aug 2019 10:36:26 +0200
Subject: [PATCH] remove old loop syntax
---
 defaults/main.yml | 18 +++----------
 handlers/main.yml | 9 -------
 tasks/main.yml | 2 --
 tasks/nginx.yml | 48 -----------------------------------
 tasks/pve.yml | 4 +--
 tasks/tls.yml | 6 ++---
 templates/nginx/vhost.j2 | 55 ----------------------------------------
 7 files changed, 8 insertions(+), 134 deletions(-)
 delete mode 100644 tasks/nginx.yml
 delete mode 100644 templates/nginx/vhost.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 120c6f5..cee6390 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,26 +6,16 @@ pve_tls_cert_source: mycert.pem
 pve_tls_key_source: mykey.pem
 pve_pamd_motd_enabled: True
-# pve_disk_mount: # defaults to not set
+
+pve_disk_mount: []
+## Example:
+# pve_disk_mount:
 # - path: /mnt/backup
 # src: /dev/sdX
 # fstype: ext4
 # opts:
 # state: present
-pve_nginx_vhost_enabled: False
-pve_server_name: pve.example.com
-pve_server_ip: 127.0.0.1
-pve_server_port: 8006
-pve_nginx_server: myinventoryname
-pve_nginx_vhost_dir: /etc/nginx/sites-available
-pve_nginx_vhost_symlink: /etc/nginx/sites-enabled
-pve_nginx_iptables_enabled: False
-
-pve_nginx_tls_enabled: True
-pve_nginx_tls_cert_file: mycert.pem
-pve_nginx_tls_key_file: mykey.pem
-
 # Configure pam auth
 pve_auth_pam_is_default: True
 pve_auth_pam_description: Linux PAM standard authentication
diff --git a/handlers/main.yml b/handlers/main.yml
index 35c4876..5f63af6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -6,12 +6,3 @@
 listen: __pveproxy_restart
 become: True
 become_user: root
-
-- name: Reload nginx
- systemd:
- state: reloaded
- name: nginx
- listen: __nginx_reload
- delegate_to: "{{ pve_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 5cdc0fb..ee6e82f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
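Review bot: The new `## Example:` block in the defaults/main.yml hunk still shows `opts:` empty, so anyone copying it ends up with the filesystem's default mount options; as far as this patch shows, tasks/pve.yml passes `item.opts | default(omit)` straight through. For a data-only mount like the `/mnt/backup` example, the documented starting point could be the restrictive one, e.g. `#     opts: nodev,nosuid`. This is a documentation suggestion only; the `pve_disk_mount: []` default itself matches the simplified `loop:` expressions in tasks/pve.yml.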
@@ -5,5 +5,3 @@
 - import_tasks: tls.yml
 when: pve_tls_enabled | bool
 tags: tls_renewal
-- import_tasks: nginx.yml
- when: pve_nginx_vhost_enabled | bool
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index de439b4..0000000
--- a/tasks/nginx.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-- block:
- - name: Copy certs and private key to nginx proxy
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- delegate_to: "{{ pve_nginx_server }}"
- when: pve_nginx_tls_enabled | bool
- become: True
- become_user: root
- tags: tls_renewal
-
-- block:
- - name: Add vhost configuration file
- template:
- src: nginx/vhost.j2
- dest: "{{ pve_nginx_vhost_dir }}/pve"
- owner: root
- group: root
- mode: 0640
- notify: __nginx_reload
-
- - name: Enable pve vhost
- file:
- src: "{{ pve_nginx_vhost_dir }}/pve"
- dest: "{{ pve_nginx_vhost_symlink }}/pve"
- owner: root
- group: root
- state: link
- notify: __nginx_reload
- when: pve_nginx_vhost_symlink is defined
-
- - name: Open ports in iptables
- iptables_raw:
- name: allow_pve_nginx_proxy
- state: present
- rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ pve_server_ip }} --dport {{ pve_server_port }} -j ACCEPT'
- when: pve_nginx_iptables_enabled | bool
- delegate_to: "{{ pve_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/pve.yml b/tasks/pve.yml
index 27d11ef..f319ce0 100644
--- a/tasks/pve.yml
+++ b/tasks/pve.yml
@@ -5,7 +5,7 @@
 path: "{{ item.path }}"
 recurse: yes
 state: directory
- loop: "{{ pve_disk_mount | default([]) }}"
+ loop: "{{ pve_disk_mount }}"
 loop_control:
 label: "{{ item.path }}"
@@ -16,7 +16,7 @@
 fstype: "{{ item.fstype }}"
 opts: "{{ item.opts | default(omit) }}"
 state: "{{ item.state | default('mounted') }}"
- loop: "{{ pve_disk_mount | default([]) }}"
+ loop: "{{ pve_disk_mount }}"
 loop_control:
 label: "{{ item.src }} {{ item.path }}"
 become: True
diff --git a/tasks/tls.yml b/tasks/tls.yml
index bf144e5..c3f35b6 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -5,7 +5,7 @@
 path: "{{ item }}"
 state: directory
 recurse: True
- with_items:
+ loop:
 - /etc/pki/tls/certs
 - /etc/pki/tls/private
@@ -24,9 +24,7 @@
 - name: Copy cert/key to pve filesystem
 command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
 changed_when: item[0].changed
- with_nested:
- - "{{ __pve_tls_copy.results }}"
- - "{{ pve_nodes }}"
+ loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
 loop_control:
 label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
 notify: __pveproxy_restart
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
deleted file mode 100644
index 963f991..0000000
--- a/templates/nginx/vhost.j2
+++ /dev/null
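Review bot: The directory task in the first tasks/tls.yml hunk (`@@ -5,7 +5,7 @@`) creates `/etc/pki/tls/private` with `state: directory` and `recurse: True` but no `owner` or `mode` among its visible arguments, so the directory that will hold the private key gets whatever the umask yields. The task header is outside the hunk, so confirm nothing is set there; if not, loop over mappings such as `- { path: /etc/pki/tls/private, mode: '0700' }` and pass `mode: "{{ item.mode }}"`. Note that `recurse: True` would apply that mode to existing files as well, so it is better dropped when a mode is added.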
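Review bot: In the second tasks/tls.yml hunk (`@@ -24,9 +24,7 @@`), every `pve_nodes` entry produced by the new `product()` loop is interpolated into one `command:` string, which the module then splits on whitespace. A node name or destination path containing a space or quote would therefore change the argument list handed to `/bin/cp`. Passing the arguments as a list through `argv` keeps each templated value a single argument. Separately, `changed_when: item[0].changed` only affects reporting, so the certificate and key are still re-copied to every node on every run. The task continues outside the hunk.

```yaml
- name: Copy cert/key to pve filesystem
  command:
    argv:
      - /bin/cp
      - '-rf'
      - "{{ item[0].dest }}"
      - "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
  # … unchanged: changed_when, loop, loop_control, notify …
```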
@@ -1,55 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_pve {
- server {{ pve_server_ip }}:{{ pve_server_port }};
-}
-
-server {
- listen 80;
- server_name {{ pve_server_name }};
-
- {% if pve_nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- proxy_redirect off;
- location / {
- proxy_pass https://backend_pve;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_buffering off;
- client_max_body_size 0;
- proxy_connect_timeout 3600s;
- proxy_read_timeout 3600s;
- proxy_send_timeout 3600s;
- send_timeout 3600s;
- }
- {% endif %}
-}
-
-{% if pve_nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ pve_server_name }};
-
- proxy_redirect off;
-
- location / {
- proxy_pass https://backend_pve;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_buffering off;
- client_max_body_size 0;
- proxy_connect_timeout 3600s;
- proxy_read_timeout 3600s;
- proxy_send_timeout 3600s;
- send_timeout 3600s;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }};
- ssl_certificate_key /etc/pki/tls/private/{{ pve_nginx_tls_key_file }};
-}
-{% endif %}