From d67ccd82fa979b693e36cd944a3132866e1e3ea3 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Tue, 14 Mar 2023 17:06:52 +0100
Subject: [PATCH] Optimize template

---
 templates/nginx.conf.j2 | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
index 7eb17c0..8ed5982 100644
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -2,10 +2,10 @@
 {{ before_server }}
 {% endif %}
 server {
-  {% if nginx_listen80 is defined -%}
-    {{ nginx_listen80 }}
+  {% if nginx_listen80 is defined %}
+  {{ nginx_listen80 }}
   {% else %}
-    listen 80;
+  listen 80;
     listen [::]:80;
   {% endif %}
 {% if proxy_protocol is defined %}
@@ -28,26 +28,26 @@ server {
         # enforce https
         return 301 https://$server_name:443$request_uri;
     }
-    {% if unsecure_server is defined %}
-    {{ unsecure_server }}
-    {% endif %}
+    {% if unsecure_server is defined -%}
+    {{ unsecure_server | indent(4) }}
+    {%- endif %}
     location /.well-known/acme-challenge {
     {% if nginx_acme_challenge is defined %}
         {{ nginx_acme_challenge }}
-    {% else %}
+    {%- else %}
         root /var/www/acme;
     {% endif %}
     }
 }
 
 server {
-  {% if nginx_listen443 is defined -%}
-    {{ nginx_listen443 }}
+  {% if nginx_listen443 is defined %}
+  {{ nginx_listen443 }}
   {% else %}
-    listen 443 ssl http2;
+  listen 443 ssl http2;
     listen [::]:443 ssl http2;
   {% endif %}
-    server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %};
+  server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %};
 {% if proxy_protocol is defined %}
 
     listen 442 ssl http2 proxy_protocol;
@@ -63,30 +63,30 @@ server {
     port_in_redirect off;
 {% endif %}
 
-    {% if ssl_certificate is defined %}
-    {{ ssl_certificate }}
-    {% else %}
+    {% if ssl_certificate is defined -%}
+    {{ ssl_certificate | indent(4) }}
+    {% else -%}
     ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
     ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
     {% endif %}
 
     add_header X-XSS-Protection "0";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
-    {% if headers is defined %}{{ headers }}{% endif %}
+    {%+ if headers is defined %}{{ headers }}{% endif %}
 
-    {% if server %}
+    {% if server -%}
     {{ server | indent(4) }}
-    {% endif %}
+    {%- endif %}
 }
 {% if redirect_to_first is defined and redirect_to_first and domains|length > 1 %}
 server {
   {% if nginx_listen443 is defined -%}
     {{ nginx_listen443 }}
   {% else %}
-    listen 443 ssl http2;
+  listen 443 ssl http2;
     listen [::]:443 ssl http2;
   {% endif %}
-    server_name {{ domains[1:] | join(' ') }};
+  server_name {{ domains[1:] | join(' ') }};
 {% if proxy_protocol is defined %}
 
     listen 442 ssl http2 proxy_protocol;
@@ -105,7 +105,7 @@ server {
     {% if ssl_certificate is defined %}
     {{ ssl_certificate }}
     {% else %}
-    ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
+ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
     ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
     {% endif %}