From fd3d818b6e3adb17d5fc810711d1427a326eb3ea Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sun, 7 Jul 2024 14:07:51 +0200 Subject: [PATCH] Don't use set_fact --- tasks/main.yml | 22 +++++++--------------- vars/main.yml | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index c175268..8c5e41a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,19 +1,11 @@ --- -- ansible.builtin.set_fact: - unsecure_server: | - location @{{ instance_name | default(ansible_play_name) | replace(" ", "_") }}_neighbor { - proxy_pass http://{{ neighbor.host }}; - proxy_set_header Host {{ neighbor.target }}; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - nginx_acme_challenge: | - try_files $uri $uri/ @{{ instance_name | default(ansible_play_name) | replace(" ", "_") }}_neighbor; - -- ansible.builtin.set_fact: - onlyifnotexist: true - server: "" - when: notls +- ansible.builtin.include_role: + name: "{{ next_role }}" + when: not notls - ansible.builtin.include_role: name: "{{ next_role }}" + vars: + onlyifnotexist: true + server: "" + when: notls diff --git a/vars/main.yml b/vars/main.yml index 4721837..d1e839d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,17 @@ --- next_role: re.nemunai.nginx-config-svc + +unsecure_server: | + location @{{ instance_name | default(ansible_play_name) | replace(" ", "_") }}_neighbor { + proxy_pass http://{{ neighbor.host }}; + {% if "target" in neighbor %}proxy_set_header Host {{ neighbor.target }};{% endif %} + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + # enforce https + return 301 https://$server_name:443$request_uri; + } +nginx_acme_challenge: | + try_files $uri $uri/ @{{ instance_name | default(ansible_play_name) | replace(" ", "_") }}_neighbor;