fix vikunja

2023-08-14 20:23:20 +02:00 · 2023-08-14 20:23:20 +02:00 · 8fb0ebb6fb
parent a769494bc7
commit 8fb0ebb6fb
3 changed files with 14 additions and 10 deletions
--- a/host_vars/vikunja.yaml
+++ b/host_vars/vikunja.yaml
@ -2,7 +2,11 @@
 ansible_host: vikunja.intra.tormakris.dev
 webserver:
  - domain: "vikunja.tormakristof.eu"
-    port: 8080
+    port: 8081
    bigrequests: false
    https: false
+    additionallocations:
+      - https: true
+        port: 8080
+        location: '~* ^/(api|dav|\.well-known)/'
 ...
--- a/roles/realmd/tasks/main.yaml
+++ b/roles/realmd/tasks/main.yaml
@ -28,12 +28,12 @@
  ansible.builtin.set_fact:
    join_passw: "{{ lookup('env', 'JOIN_PASSW') }}"
  delegate_to: localhost
-  when: found in checkjoined and checkjoined.found == 0
+  when: checkjoined.found == 0

 - name: Join to AD with realmd
  ansible.builtin.shell:
    cmd: echo {{ join_passw }} | realm join -v -U tormakris_admin intra.tormakris.dev
-  when: found in checkjoined and checkjoined.found == 0
+  when: checkjoined.found == 0

 - name: Enable pam homedir create on first logon
  ansible.builtin.command:
@ -53,7 +53,7 @@
    state: present
    path: /etc/sssd/sssd.conf
    line: "ad_gpo_access_control = disabled"
-  when: found in checkadgpoac and checkadgpoac.found == 0
+  when: checkadgpoac.found == 0

 - name: Check if ad_access_filter is set
  ansible.builtin.lineinfile:
@ -69,7 +69,7 @@
    state: present
    path: /etc/sssd/sssd.conf
    line: "ad_access_filter = memberOf=CN=LinuxUsers,OU=Service Groups,DC=intra,DC=tormakris,DC=dev"
-  when: found in checkadaf and checkadaf.found == 0
+  when: checkadaf.found == 0

 - name: "Restart sssd"
  ansible.builtin.service:
@ -90,5 +90,5 @@
    state: present
    path: /etc/sudoers
    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
-  when: found in checksudoers and checksudoers.found == 0
+  when: checksudoers.found == 0
 ...
--- a/roles/webserver/templates/nginx.conf
+++ b/roles/webserver/templates/nginx.conf
@ -65,16 +65,16 @@ http {
            return 301 https://$host$request_uri;
        }

-        {%- for server in webserver %}
+        {% for server in webserver %}
        server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            server_name {{ server.domain }};
            ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem;
-            {% if server.bigrequests -%}
+            {% if server.bigrequests %}
            client_max_body_size    8G;
-            {% endif -%}
+            {% endif %}
            location /{
                {% if server.https %}
                proxy_pass  https://127.0.0.1:{{ server.port }};
@ -100,7 +100,7 @@ http {
                proxy_pass  http://127.0.0.1:{{ location.port }};
                {% endif %}
            }
-            {% endfor -%}
+            {% endfor %}
            {% endif %}
        }