From b941f6e5aa224107a40a9a3b1296725277cc7558 Mon Sep 17 00:00:00 2001
From: vjrj <vjrj@comunes.org>
Date: Fri, 27 Dec 2024 19:47:52 +0100
Subject: [PATCH 1/4] Optimize nginx vhost generation

---
 .../roles/nginx_vhost/tasks/defaulthost.yml   |  85 +-----
 ansible/roles/nginx_vhost/tasks/main.yml      | 282 +-----------------
 .../nginx_vhost/templates/nginx_vhost.j2      |  48 +++
 .../templates/nginx_vhost_default.j2          |  12 +
 .../templates/nginx_vhost_macros.j2           |  76 +++++
 5 files changed, 145 insertions(+), 358 deletions(-)
 create mode 100644 ansible/roles/nginx_vhost/templates/nginx_vhost.j2
 create mode 100644 ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
 create mode 100644 ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2

diff --git a/ansible/roles/nginx_vhost/tasks/defaulthost.yml b/ansible/roles/nginx_vhost/tasks/defaulthost.yml
index 731fc7211..28e890281 100644
--- a/ansible/roles/nginx_vhost/tasks/defaulthost.yml
+++ b/ansible/roles/nginx_vhost/tasks/defaulthost.yml
@@ -22,25 +22,6 @@
   tags:
     - nginx_vhost
 
-- name: remove previous fragments dir for aws_elb_default
-  file:
-    path: "{{nginx_conf_dir}}/vhost_fragments/aws_elb_default"
-    state: absent
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: ensure fragments dir for default vhost for ala is present
-  file:
-    path: "{{nginx_conf_dir}}/vhost_fragments/ala_default"
-    state: directory
-    mode: 0755
-    owner: root
-    group: root
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
 - name: add upstream fragment
   template:
     src: "fragment_02_upstream.j2"
@@ -65,69 +46,13 @@
   tags:
     - nginx_vhost
 
-- name: add start of default vhost for ala
-  template:
-    src: "ala_default_start.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/10_ala_default_start"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: add start location fragment for default vhost for Amazon load balancer health checks
-  template:
-    src: "fragment_70_location_start.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: add default contents location fragment for default vhost for Amazon load balancer health checks
-  template:
-    src: "fragment_71_location_default.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/70_location_{{ item.sort_label | default(item.path | basename) }}_71_default"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: add usual contents location fragment for default vhost for Amazon load balancer health checks
-  template:
-    src: "fragment_73_location.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: add end location fragment for default vhost for Amazon load balancer health checks
+- name: Create Nginx default config from template
   template:
-    src: "fragment_75_location_end.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: add end of default vhost for ala
-  template:
-    src: "ala_default_end.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/ala_default/90_ala_default_end"
-  when: ala_default_vhost and vhost_required
-  tags:
-    - nginx_vhost
-
-- name: assemble fragments into default vhost for Amazon load balancer health checks
-  assemble:
-    src: "{{nginx_conf_dir}}/vhost_fragments/ala_default"
-    dest: "{{nginx_conf_dir}}/sites-available/ala_default.conf"
-  when: ala_default_vhost and vhost_required
+    src: "nginx_vhost_default.j2"
+    dest: "{{ nginx_conf_dir }}/sites-available/{{ hostname }}{{ vfragments_suffix }}.conf"
+  when: vhost_required | bool == True
   notify:
-   - reload nginx
+    - reload nginx
   tags:
     - nginx_vhost
 
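Review bot: The new `Create Nginx default config from template` task runs on `when: vhost_required | bool == True` alone, while every task it replaces also required `ala_default_vhost`. Because nginx_vhost_default.j2 wraps its whole output in `{% if (ala_default_vhost and vhost_required) -%}`, a host with `ala_default_vhost` false now gets an empty or whitespace-only file written instead of the task being skipped. In this patch the `dest` is also the same `{{ hostname }}{{ vfragments_suffix }}.conf` path that main.yml renders the real vhost to. Patch 3/4 changes `dest` to `ala_default.conf` but leaves the condition as is, so I would restore it with `when: ala_default_vhost | bool and vhost_required | bool`. The task also sets no `owner`, `group` or `mode`, so the permissions of the generated config are left to the module defaults.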
diff --git a/ansible/roles/nginx_vhost/tasks/main.yml b/ansible/roles/nginx_vhost/tasks/main.yml
index d85fbd983..f91427165 100644
--- a/ansible/roles/nginx_vhost/tasks/main.yml
+++ b/ansible/roles/nginx_vhost/tasks/main.yml
@@ -204,18 +204,6 @@
   tags:
     - nginx_vhost
 
-# check dir exists for servername fragments
-- name: ensure vhost fragments dir is present
-  file: 
-    path: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}"
-    state: directory
-    mode: 0755 
-    owner: root
-    group: root
-  when: vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
 - name: ensure nginx cache dir is present if configured
   file: 
     path: "{{nginx_cache_path}}"
@@ -251,281 +239,19 @@
   tags:
     - nginx_vhost
 
-- name: add upstream fragment
-  template:
-    src: "fragment_02_upstream.j2"
-    dest: "{{nginx_conf_dir}}/conf.d/http_02_upstream_{{ hostname }}_127.0.0.1_{{ tomcat_server_port | default('8080', True) }}.conf"
-  when: vhost_required | bool == True and nginx_load_balancing | bool == true and item.is_proxy and item.proxy_pass is defined
-  with_items:
-    - "{{ nginx_paths}} "
-  notify:
-   - reload nginx
-  tags:
-    - nginx_vhost
-
-- name: remove upstream fragment if not needed
-  file:
-    path: "{{nginx_conf_dir}}/conf.d/http_02_upstream_{{ hostname }}_127.0.0.1_{{ tomcat_server_port | default('8080', True) }}.conf"
-    state: absent
-  when: vhost_required | bool == True and nginx_load_balancing | bool != true
-  with_items:
-    - "{{ nginx_paths}} "
-  notify:
-   - reload nginx
-  tags:
-    - nginx_vhost
-
-- name: add blocking if configured
-  template:
-    src: "fragment_03_blocking.j2"
-    dest: "{{nginx_conf_dir}}/conf.d/http_03_blocking.conf"
-  when: vhost_required | bool == True
-  notify:
-   - reload nginx
-  tags:
-    - nginx_vhost
-
-- name: add nginx rate limiter if configured
-  template:
-    src: "fragment_04_ratelimit.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_04_ratelimit"
-  when: vhost_required | bool == True and nginx_rate_limit_enabled | bool == True
-  tags:
-    - nginx_vhost
-
-- name: add cache fragment if configured
-  template:
-    src: "fragment_05_cache.j2"
-    dest: "{{nginx_conf_dir}}/conf.d/http_05_cache_{{ nginx_cache_zone }}.conf"
-  when: vhost_required | bool == True and nginx_cache | bool == True
-  notify:
-   - reload nginx
-  tags:
-    - nginx_vhost
-
-# If any of the nginx_paths has is_websocket, we need to add this template
-- name: add connection upgrade fragment
-  template:
-    src: "fragment_06_connection.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_06_connection"
-  when: vhost_required | bool == True and nginx_load_balancing | bool == false and item.is_websocket is defined and item.is_websocket | bool == true
-  with_items:
-    - "{{ nginx_paths}} "
-
-# copy 10, 20, 90 as http (e.g. dest file might be /etc/nginx/vhost_fragments/bie-test.ala.org.au/http_10_start)
-- name: add start http fragment
-  template:
-    src: "fragment_10_start_http.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_10_start"
-  when: vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: add basic http fragments
-  template:
-    src: "fragment_{{ item }}.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_{{ item }}"
-  with_items:
-    - "20_servername"
-    - "90_end"
-  when: vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: Find https fragments if not using https
-  find:
-    paths: "{{ nginx_conf_dir }}/vhost_fragments/{{ hostname }}/"
-    patterns: "https_*"
-  register: https_fragments_to_delete
-  when: ssl | bool == False and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: Delete https fragments if not using https
-  file:
-    path: "{{ item.path }}"
-    state: absent
-  with_items: "{{ https_fragments_to_delete.files }}"
-  when: ssl | bool == False and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
 - name: create root directory
   file: path="{{ nginx_root }}" state=directory mode=0755 force=yes follow=yes
   when: vhost_required | bool == True
   tags:
     - nginx_vhost
 
-# if not ssl or (ssl and not force_https): copy 50 http
-- name: if not using force_https, add root http fragment
+- name: Create Nginx config from template
   template:
-    src: "fragment_{{ item }}.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_{{ item }}"
-  with_items:
-    - "50_root"
-    - "55_include"
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if not ssl or (ssl and not force_https): copy 60 robots
-- name: if not using force_https, add robots http fragment
-  template:
-    src: "fragment_{{ item }}.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_{{ item }}"
-  with_items:
-    - "60_robots"
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if not ssl or (ssl and not force_https): copy (70 per path) http
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: if not using force_https, add location http fragments
-  template:
-    src: "fragment_70_location_start.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
-  with_items:
-    - "{{ nginx_paths}} "
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if not ssl or (ssl and not force_https): copy (73 per path) http
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: if not using force_https, add location http fragments
-  template:
-    src: "fragment_73_location.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
-  with_items:
-    - "{{ nginx_paths}} "
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: add cors fragment if required
-  template:
-    src: "fragment_74_location_cors.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_74_cors"
-  with_items:
-    - "{{ nginx_paths}} "
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True and nginx_cors_origin_regexp is defined
-  tags:
-    - nginx_vhost
-
-# if not ssl or (ssl and not force_https): copy (75 per path) http
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: if not using force_https, add location http fragments
-  template:
-    src: "fragment_75_location_end.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
-  with_items:
-    - "{{ nginx_paths}} "
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if not ssl or (ssl and not force_https), delete 30 http
-- name: if not using force_https, delete force_https fragment
-  file: 
-    path: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_30_force_https"
-    state: absent
-  when: (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if ssl and force_https, copy 30 as http
-- name: if using force_https, add force_https fragment
-  template:
-    src: "fragment_{{ item }}.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_{{ item }}"
-  with_items:
-    - "30_force_https"
-  when: ssl | bool == True and force_https | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if ssl, copy 10, 20, 40, 50, 90 as https
-- name: add start https fragment
-  template:
-    src: "fragment_10_start_https.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_10_start"
-  when: ssl | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: add basic https fragments
-  template:
-    src: "fragment_{{ item }}.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_{{ item }}"
-  with_items:
-    - "20_servername"
-    - "40_ssl"
-    - "50_root"
-    - "55_include"
-    - "60_robots"
-    - "90_end"
-  when: ssl | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if ssl, copy (70 per path) https
-# example https location for /ws path: /etc/nginx/vhost_fragments/bie-test.ala.org.au/https_70_location_start_ws
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: add location https fragments
-  template:
-    src: "fragment_70_location_start.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ssl | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# if ssl, copy (73 per path) https
-# example https location for /ws path: /etc/nginx/vhost_fragments/bie-test.ala.org.au/https_73_location_ws
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: add location https fragments
-  template:
-    src: "fragment_73_location.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ssl | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-- name: add cors fragment if required
-  template:
-    src: "fragment_74_location_cors.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_74_cors"
-  with_items:
-    - "{{ nginx_paths}} "
-  when: ssl | bool == True and vhost_required | bool == True and nginx_cors_origin_regexp is defined
-  tags:
-    - nginx_vhost
-
-# if ssl, copy (75 per path) https
-# example https location for /ws path: /etc/nginx/vhost_fragments/bie-test.ala.org.au/https_75_location_end_ws
-# basename filter returns last part of path e.g. for /ws returns ws, for / returns empty
-- name: add location https fragments
-  template:
-    src: "fragment_75_location_end.j2"
-    dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
-  with_items:
-    - "{{ nginx_paths }}"
-  when: ssl | bool == True and vhost_required | bool == True
-  tags:
-    - nginx_vhost
-
-# assemble servername fragments dir, put in sites-available as servername.conf
-- name: assemble fragments into nginx vhost config
-  assemble:
-    src: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}"
-    dest: "{{nginx_conf_dir}}/sites-available/{{hostname}}{{vfragments_suffix}}.conf"
+    src: "nginx_vhost.j2"
+    dest: "{{ nginx_conf_dir }}/sites-available/{{ hostname }}{{ vfragments_suffix }}.conf"
   when: vhost_required | bool == True
   notify:
-   - reload nginx
+    - reload nginx
   tags:
     - nginx_vhost
 
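Review bot: Three of the removed tasks wrote outside the fragments directory (`http_02_upstream_…conf`, `http_03_blocking.conf` and `http_05_cache_{{ nginx_cache_zone }}.conf` under `conf.d`), and nothing in this hunk or in nginx_vhost.j2 replaces them. The macros `fragment_02_upstream`, `fragment_03_blocking` and `fragment_05_cache` are defined in nginx_vhost_macros.j2 but never called in this series, so a new host would get no blocking configuration, upstream block or cache zone, and existing hosts keep stale copies that are no longer updated. If the location fragments refer to that upstream or cache zone by name (not visible here), the rendered vhost may also fail to load. I would keep those three `template` tasks and the `remove upstream fragment if not needed` task in main.yml, since they target `conf.d` rather than the assembled vhost. The old `vhost_fragments/{{ hostname }}` directory is also left on disk and could be removed with a `file` task using `state: absent`.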
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost.j2
new file mode 100644
index 000000000..eb49d5068
--- /dev/null
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost.j2
@@ -0,0 +1,48 @@
+{% import 'nginx_vhost_macros.j2' as m with context %}
+{% if (vhost_required | bool == True and nginx_rate_limit_enabled | bool == True) -%}
+{{ m.fragment_04_ratelimit() }}
+{%- endif %}
+{% if (vhost_required | bool == True and nginx_load_balancing | bool == false and item.is_websocket is defined and item.is_websocket | bool == true) -%}
+{{ m.fragment_06_connection() }}
+{%- endif %}
+{# Fragment-specific for HTTP #}
+{% if vhost_required | bool == True %}
+{{ m.fragment_10_start_http() }}
+{{ m.fragment_20_servername() -}}
+{% if (ssl | bool == True and force_https | bool == True and vhost_required | bool == True) -%}
+{{ m.fragment_30_force_https() -}}
+{% else %}
+{% if (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True -%}
+{{ m.fragment_50_root() }}
+{{ m.fragment_55_include() -}}
+{{ m.fragment_60_robots() }}
+{% for item in nginx_paths | sort(attribute='sort_label') %}
+{{ m.fragment_70_location_start(item) -}}
+{{ m.fragment_73_location(item) -}}
+{% if (nginx_cors_origin_regexp is defined) -%}
+{{ m.fragment_74_location_cors() }}
+{%- endif %}
+{{ m.fragment_75_location_end() }}
+{% endfor %}
+{%- endif %}
+{%- endif %}
+{# Close the HTTP server block #}
+{{ m.fragment_90_end() }}
+{% endif %}
+{# Fragment-specific for HTTPS #}
+{% if (ssl | bool == True and vhost_required | bool == True) -%}
+{{ m.fragment_10_start_https() }}
+{{ m.fragment_20_servername() -}}
+{{ m.fragment_40_ssl() -}}
+{{ m.fragment_50_root() }}
+{{ m.fragment_55_include() -}}
+{{ m.fragment_60_robots() }}
+{% for item in nginx_paths | sort(attribute='sort_label') %}
+{{ m.fragment_70_location_start(item) -}}
+{{ m.fragment_73_location(item) -}}
+{{ m.fragment_74_location_cors() }}
+{{ m.fragment_75_location_end() }}
+{% endfor %}
+{# Close the HTTPS server block #}
+{{ m.fragment_90_end() }}
+{%- endif %}
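Review bot: The HTTPS loop calls `{{ m.fragment_74_location_cors() }}` unconditionally, whereas the HTTP loop above it and the removed `add cors fragment if required` task both require `nginx_cors_origin_regexp is defined`. With the variable unset, the HTTPS server block either fails to render or emits CORS directives built from an undefined pattern, depending on what fragment_74_location_cors.j2 does (not visible here). Wrap the call as in the HTTP branch, with `{% if (nginx_cors_origin_regexp is defined) -%}` before it and `{%- endif %}` after it. Separately, the `fragment_06_connection` guard near the top tests `item.is_websocket`, but `item` only exists inside the `for` loops further down, so that condition likely never holds and the connection-upgrade fragment is not emitted. The guard should instead test whether any entry of `nginx_paths` has `is_websocket` set, which is what the old `with_items` task did per path.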
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
new file mode 100644
index 000000000..74cdd4bcf
--- /dev/null
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
@@ -0,0 +1,12 @@
+{% import 'nginx_vhost_macros.j2' as m with context %}
+{% if (ala_default_vhost and vhost_required) -%}
+{{ m.fragment_10_start_http() }}
+{% for item in nginx_paths | sort(attribute='sort_label') %}
+{{ m.fragment_70_location_start(item) -}}
+{{ m.fragment_71_location_default(item) -}}
+{{ m.fragment_73_location(item) -}}
+{{ m.fragment_75_location_end() }}
+{% endfor %}
+{# Close the HTTPS server block #}
+{{ m.fragment_90_end() }}
+{%- endif %}
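Review bot: The comment `{# Close the HTTPS server block #}` is copied from nginx_vhost.j2 and is wrong here, since this template opens a single block with `fragment_10_start_http()`; `{# Close the default server block #}` would match. The guard `(ala_default_vhost and vhost_required)` also tests raw truthiness, while the tasks and nginx_vhost.j2 use `| bool`, so a string value such as `'false'` would count as true here. Writing it as `{% if (ala_default_vhost | bool and vhost_required | bool) -%}` keeps the two consistent. A short header comment listing the variables the template expects (`ala_default_vhost`, `vhost_required`, `nginx_paths`) would help, because the included fragments are not visible from this file.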
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
new file mode 100644
index 000000000..7a0e1d88f
--- /dev/null
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
@@ -0,0 +1,76 @@
+{% macro fragment_02_upstream(item) -%}
+{% include 'fragment_02_upstream.j2' %}
+{%- endmacro %}
+
+{% macro fragment_03_blocking() -%}
+{% include 'fragment_03_blocking.j2' %}
+{%- endmacro %}
+
+{% macro fragment_04_ratelimit() -%}
+{% include 'fragment_04_ratelimit.j2' %}
+{%- endmacro %}
+
+{% macro fragment_05_cache() -%}
+{% include 'fragment_05_cache.j2' %}
+{%- endmacro %}
+
+{% macro fragment_06_connection() -%}
+{% include 'fragment_06_connection.j2' %}
+{%- endmacro %}
+
+{% macro fragment_10_start_http() -%}
+{% include 'fragment_10_start_http.j2' %}
+{%- endmacro %}
+
+{% macro fragment_10_start_https() -%}
+{% include 'fragment_10_start_https.j2' %}
+{%- endmacro %}
+
+{% macro fragment_20_servername() -%}
+{% include 'fragment_20_servername.j2' %}
+{%- endmacro %}
+
+{% macro fragment_30_force_https() -%}
+{% include 'fragment_30_force_https.j2' %}
+{%- endmacro %}
+
+{% macro fragment_40_ssl() -%}
+{% include 'fragment_40_ssl.j2' %}
+{%- endmacro %}
+
+{% macro fragment_50_root() -%}
+{% include 'fragment_50_root.j2' %}
+{%- endmacro %}
+
+{% macro fragment_55_include() -%}
+{% include 'fragment_55_include.j2' %}
+{%- endmacro %}
+
+{% macro fragment_60_robots() -%}
+{% include 'fragment_60_robots.j2' %}
+{%- endmacro %}
+
+{% macro fragment_70_location_start(item) -%}
+{% include 'fragment_70_location_start.j2' %}
+{%- endmacro %}
+
+{% macro fragment_71_location_default(item) -%}
+{% include 'fragment_71_location_default.j2' %}
+{%- endmacro %}
+
+{% macro fragment_73_location(item) -%}
+{% include 'fragment_73_location.j2' %}
+{%- endmacro %}
+
+{% macro fragment_74_location_cors() -%}
+{% include 'fragment_74_location_cors.j2' -%}
+{%- endmacro %}
+
+{% macro fragment_75_location_end() -%}
+{% include 'fragment_75_location_end.j2' %}
+{%- endmacro %}
+
+{% macro fragment_90_end() -%}
+{% include 'fragment_90_end.j2' %}
+{%- endmacro %}
+
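Review bot: `fragment_74_location_cors()` and `fragment_75_location_end()` take no `item` argument, unlike the 70, 71 and 73 location macros, although the removed tasks rendered fragments 74 and 75 once per entry of `nginx_paths`. Because the macros are imported once at the top of each template, a loop variable from the caller is probably not visible inside them, so any `item` reference in those two fragments (not shown here) would be undefined. Declaring them as `{% macro fragment_74_location_cors(item) -%}` and `{% macro fragment_75_location_end(item) -%}` and passing `item` at the call sites makes the per-path macros uniform. The `-%}` after the include in `fragment_74_location_cors` is also the only include with trailing whitespace control, which looks unintentional.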

From 268ce554829079ac8497c274f4060a5145a07e94 Mon Sep 17 00:00:00 2001
From: vjrj <vjrj@comunes.org>
Date: Fri, 27 Dec 2024 20:55:39 +0100
Subject: [PATCH 2/4] Update conditional logic for vhost_required and ssl

---
 ansible/roles/nginx_vhost/templates/nginx_vhost.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost.j2
index eb49d5068..cf4151756 100644
--- a/ansible/roles/nginx_vhost/templates/nginx_vhost.j2
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost.j2
@@ -6,13 +6,13 @@
 {{ m.fragment_06_connection() }}
 {%- endif %}
 {# Fragment-specific for HTTP #}
-{% if vhost_required | bool == True %}
+{% if (vhost_required | bool == True) %}
 {{ m.fragment_10_start_http() }}
 {{ m.fragment_20_servername() -}}
 {% if (ssl | bool == True and force_https | bool == True and vhost_required | bool == True) -%}
 {{ m.fragment_30_force_https() -}}
 {% else %}
-{% if (ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True -%}
+{% if ((ssl | bool == False or (ssl | bool == True and force_https | bool == False)) and vhost_required | bool == True) -%}
 {{ m.fragment_50_root() }}
 {{ m.fragment_55_include() -}}
 {{ m.fragment_60_robots() }}
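Review bot: The added outer parentheses do not change how either condition evaluates, and the inner `if` remains redundant: inside `{% if (vhost_required | bool == True) %}` the `else` branch is already the case where `ssl` and `force_https` are not both true. Dropping the nested test and the repeated `vhost_required` checks leaves `{% if ssl | bool and force_https | bool -%}` … `{% else %}` … `{%- endif %}`, which is easier to audit for which server block serves content over plain HTTP. The enclosing `if` block continues past the end of this hunk.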

From 7ecc1be98bc73ed0f88cbe92b4801131f960f95e Mon Sep 17 00:00:00 2001
From: vjrj <vjrj@comunes.org>
Date: Fri, 27 Dec 2024 22:37:08 +0100
Subject: [PATCH 3/4] Improvements in default host generation

---
 ansible/roles/nginx_vhost/tasks/defaulthost.yml            | 3 +--
 ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2 | 6 +++---
 ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2  | 4 ++++
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/nginx_vhost/tasks/defaulthost.yml b/ansible/roles/nginx_vhost/tasks/defaulthost.yml
index 28e890281..9cb36c0a6 100644
--- a/ansible/roles/nginx_vhost/tasks/defaulthost.yml
+++ b/ansible/roles/nginx_vhost/tasks/defaulthost.yml
@@ -49,7 +49,7 @@
 - name: Create Nginx default config from template
   template:
     src: "nginx_vhost_default.j2"
-    dest: "{{ nginx_conf_dir }}/sites-available/{{ hostname }}{{ vfragments_suffix }}.conf"
+    dest: "{{ nginx_conf_dir }}/sites-available/ala_default.conf"
   when: vhost_required | bool == True
   notify:
     - reload nginx
@@ -72,4 +72,3 @@
     ala_default_vhost: False
   tags:
     - nginx_vhost
-
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
index 74cdd4bcf..8d4229a82 100644
--- a/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
@@ -1,10 +1,10 @@
 {% import 'nginx_vhost_macros.j2' as m with context %}
 {% if (ala_default_vhost and vhost_required) -%}
-{{ m.fragment_10_start_http() }}
+{{ m.ala_default_start() }}
 {% for item in nginx_paths | sort(attribute='sort_label') %}
 {{ m.fragment_70_location_start(item) -}}
-{{ m.fragment_71_location_default(item) -}}
-{{ m.fragment_73_location(item) -}}
+{{ m.fragment_71_location_default(item) }}
+{{ m.fragment_73_location(item) }}
 {{ m.fragment_75_location_end() }}
 {% endfor %}
 {# Close the HTTPS server block #}
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
index 7a0e1d88f..dd32bf3ae 100644
--- a/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
@@ -1,3 +1,7 @@
+{% macro ala_default_start() -%}
+{% include 'ala_default_start.j2' %}
+{%- endmacro %}
+
 {% macro fragment_02_upstream(item) -%}
 {% include 'fragment_02_upstream.j2' %}
 {%- endmacro %}

From ab463d10da332fd3bdbaa058ee063c3ea8ebb1b0 Mon Sep 17 00:00:00 2001
From: vjrj <vjrj@comunes.org>
Date: Sat, 28 Dec 2024 00:22:44 +0100
Subject: [PATCH 4/4] Default vhost end

---
 ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2 | 2 +-
 ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2  | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
index 8d4229a82..dcd623550 100644
--- a/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_default.j2
@@ -8,5 +8,5 @@
 {{ m.fragment_75_location_end() }}
 {% endfor %}
 {# Close the HTTPS server block #}
-{{ m.fragment_90_end() }}
+{{ m.ala_default_end() }}
 {%- endif %}
diff --git a/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2 b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
index dd32bf3ae..96d8a847c 100644
--- a/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
+++ b/ansible/roles/nginx_vhost/templates/nginx_vhost_macros.j2
@@ -2,6 +2,10 @@
 {% include 'ala_default_start.j2' %}
 {%- endmacro %}
 
+{% macro ala_default_end() -%}
+{% include 'ala_default_end.j2' %}
+{%- endmacro %}
+
 {% macro fragment_02_upstream(item) -%}
 {% include 'fragment_02_upstream.j2' %}
 {%- endmacro %}