Use include role to avoid leaky variables.

https://github.com/ansible/ansible/issues/65851
2019-12-16 11:41:13 +01:00 · 2019-12-16 11:41:13 +01:00 · 92c1af4bb9
commit 92c1af4bb9
parent fdd96f495f
5 changed files with 60 additions and 27 deletions
--- a/playbook-julien-palard.yml
+++ b/playbook-julien-palard.yml
@ -1,8 +1,11 @@
 ---

 - hosts: mdk
-  roles:
-    - role: nftables
+  vars:
+    letsencrypt_email: julien@palard.fr
+  tasks:
+    - name: Setup nftables
+      include_role: name=nftables
      vars:
        nftables_conf: |
            #!/usr/sbin/nft -f
@ -19,44 +22,68 @@
                }
            }

-    - role: julienpalard.nginx_letsencrypt
+    - name: Setup mdk.fr
+      include_role: name=static_website
      vars:
-        certificates:
-          - [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, palard.fr, sizeof.fr, www.mandark.fr, www.palard.fr, www.sizeof.fr]
-          - [irc.mdk.fr]
-          - [codeenseine.fr, www.codeenseine.fr]
-          - [le-poitevin.fr, www.le-poitevin.fr]
-          - [tuw.fr]
-          - [wyz.fr, www.wyz.fr]
-        letsencrypt_email: julien@palard.fr
-
-    - role: static_website
-      vars:
-        uri: mdk.fr
+        domain: mdk.fr
+        extra_certificates: [www.mdk.fr]
        owner: mdk_fr
        path: /var/www/mdk.fr/
        public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'

-    - role: static_website
+    - name: Setup palard.fr
+      include_role: name=static_website
      vars:
-        uri: le-poitevin.fr
+        domain: palard.fr
+        extra_certificates: [julien.palard.fr, www.palard.fr]
+        nginx_extra: "location / {return 301 https://mdk.fr;}"
+
+    - name: Setup mandark.fr
+      include_role: name=static_website
+      vars:
+        domain: mandark.fr
+        extra_certificates: [www.mandark.fr]
+        nginx_extra: "location / {return 301 https://mdk.fr;}"
+
+    - name: Setup le-poitevin.fr
+      include_role: name=static_website
+      vars:
+        domain: le-poitevin.fr
+        extra_certificates: [www.le-poitevin.fr]
        owner: le_poitevin_fr
        path: /var/www/le-poitevin.fr/
        public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'

-    - role: static_website
+    - name: Setup codeenseine.fr
+      include_role: name=static_website
      vars:
-        uri: codeenseine.fr
+        domain: codeenseine.fr
+        extra_certificates: [www.codeenseine.fr]
        owner: codeenseine_fr
        path: /var/www/codeenseine.fr/
        public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'

-    - role: weechat
+    - name: Setup kisspush.net
+      include_role: name=static_website
+      vars:
+        domain: kisspush.net
+        extra_certificates: [www.kisspush.net]
+        nginx_extra: "location / {return 301 https://mdk.fr;}"
+
+    - name: Setup letsencrypt
+      include_role: name=julienpalard.nginx_letsencrypt
+      vars:
+        certificates:
+          - [irc.mdk.fr]
+          - [tuw.fr]
+          - [wyz.fr, www.wyz.fr]
+
+    - name: Setup weechat
+      include_role: name=weechat
      vars:
        version: 2.7
        owner: weechat

-  tasks:
    - name: Setup Glowing Bear
      unarchive:
        src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
--- a/roles/static_website/defaults/main.yml
+++ b/roles/static_website/defaults/main.yml
@ -1,3 +1,4 @@
 ---

 nginx_extra: ""
+extra_certificates: []
--- a/roles/static_website/tasks/static_website.yml
+++ b/roles/static_website/tasks/static_website.yml
@ -4,6 +4,7 @@
  user:
    system: yes
    name: "{{ owner }}"
+  when: owner is defined

 - name: .ssh directory
  file:
@ -11,6 +12,7 @@
    state: directory
    owner: "{{ owner }}"
    mode: 0755
+  when: owner is defined

 - name: Deploy key
  blockinfile:
@ -18,13 +20,14 @@
    owner: "{{ owner }}"
    mode: 0644
    path: "~{{ owner }}/.ssh/authorized_keys"
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ uri }} -->"
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ domain }} -->"
    block: "{{ public_deploy_key }}"
+  when: owner is defined and public_deploy_key is defined

 - name: Configure nginx
  template:
    src: nginx.conf
-    dest: "/etc/nginx/conf.d/{{ uri }}.conf"
+    dest: "/etc/nginx/conf.d/{{ domain }}.conf"
  notify: reload nginx

 - name: WWW directory
@ -34,3 +37,4 @@
    owner: "{{ owner }}"
    group: "{{ owner }}"
    mode: 0755
+  when: owner is defined and path is defined
--- a/roles/static_website/templates/nginx.conf
+++ b/roles/static_website/templates/nginx.conf
@ -1,16 +1,16 @@
 server
 {
    listen 80;
-    server_name .{{ uri }};
+    server_name .{{ domain }};
    return 301 https://$host$request_uri;
 }

 server
 {
    listen 443 ssl;
-    server_name .{{ uri }};
-    root /var/www/{{ uri }}/;
-    include snippets/letsencrypt-{{ uri }}.conf;
+    server_name .{{ domain }};
+    root /var/www/{{ domain }}/;
+    include snippets/letsencrypt-{{ domain }}.conf;
    index index.html;
    {{ nginx_extra }}
 }
--- a/roles/weechat/tasks/weechat.yml
+++ b/roles/weechat/tasks/weechat.yml
@ -19,6 +19,7 @@
    src: "https://github.com/weechat/weechat/archive/v{{ version }}.tar.gz"
    remote_src: yes
    dest: "/usr/local/src/weechat/"
+    creates: "/usr/local/src/weechat/weechat-{{ version }}/"
  register: new_weechat

 - name: Compiling dependencies