Clean up code

Code was clean up and simplified to make it simpler and easier to maintain. No features were modified.
2024-11-06 10:47:32 +01:00 · 2021-01-08 18:35:27 +01:00 · 2021-01-08 18:35:27 +01:00 · 5156c63a76
commit 5156c63a76
parent 25d423e6b6
7 changed files with 20 additions and 118 deletions
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@ -252,20 +252,20 @@ matrix_nginx_proxy_ssl_presets:
 # Specifies which *SSL protocols* to use when serving all the various vhosts.
 # By default is set to "" and will use the protocols from the preset. If you set it to something different, it will override
 # the values from the preset
-matrix_nginx_proxy_ssl_protocols: ""
+matrix_nginx_proxy_ssl_protocols: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }}"
 # Specifies whether to prefer *the client’s choice or the server’s choice* when
 # negociating the chipher to serve all the various vhost.
 #
 # By default is set to "" and will use the protocols from the preset. If you set it to something different, it will override
 # the values from the preset
-matrix_nginx_proxy_ssl_prefer_server_ciphers: ""
+matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }}"
 # Specifies which *SSL Cipher suites* to use when serving all the various vhosts.
 # By default is set to "" and will use the ciphers from the preset. If you set it to something different, it will override
 # the values from the preset.
 # To see the full list for suportes ciphers run `openssl ciphers` on your server
-matrix_nginx_proxy_ssl_ciphers: ""
+matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_nginx_proxy_self_check_validate_certificates: true
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
@ -68,25 +68,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{{ render_vhost_directives() }}
 }
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2
@ -66,25 +66,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_dimension_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_dimension_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{{ render_vhost_directives() }}
 }
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
@ -59,25 +59,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_base_domain_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{{ render_vhost_directives() }}
 }
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
@ -87,25 +87,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{{ render_vhost_directives() }}
 }
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
@ -52,25 +52,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-	{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{{ render_vhost_directives() }}
 }
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
@ -204,25 +204,11 @@ server {
 	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem;
 	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem;
 	{% if matrix_nginx_proxy_ssl_protocols == "" %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 	{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
 	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 	{% else %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}
 	{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 		ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 		{% endif %}
 	{% else %}
 	ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
 	{% endif %}
 	{{ render_vhost_directives() }}
 }
@ -253,25 +239,11 @@ server {
 		ssl_certificate {{ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate }};
 		ssl_certificate_key {{ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key }};
 		{% if matrix_nginx_proxy_ssl_protocols == "" %}
 		ssl_protocols {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }};
 		{% else %}
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
-		{% endif %}
+	{% if not matrix_nginx_proxy_ssl_ciphers == "" %}
 		{% if matrix_nginx_proxy_ssl_prefer_server_ciphers == "" %}
 		ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }};
 		{% else %}
 		ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 		{% endif %}
 		{% if matrix_nginx_proxy_ssl_ciphers == "" %}
 			{% if matrix_nginx_proxy_ssl_preset == "old" or  matrix_nginx_proxy_ssl_preset == "intermediate" %}
 			ssl_ciphers "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}";
 			{% endif %}
 		{% else %}
 	ssl_ciphers "{{ matrix_nginx_proxy_ssl_ciphers }}";
 	{% endif %}
 	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
 	{% endif %}