From 0ee1665acb67a5ec6e0d143b40787f6cb34a01e0 Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 21:49:41 -0300 Subject: [PATCH 01/19] =?UTF-8?q?refactor:=20simplificar=20naming=20de=20n?= =?UTF-8?q?odos=20con=20auto-deducci=C3=B3n?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cambios principales: - Nueva variable 'nodo': nombre base (ej: marmite) - Renombrar variable antigua 'nodo' (FQDN) -> 'rap_dn' - Auto-deducir 'domains' desde nodo: [{{ nodo }}.abyaya.la] - Auto-deducir 'rap_dn' desde nodo: {{ nodo }}.comun - Extraer lógica normalización a roles/proxy/tasks/normalize_node.yml - Agregar defaults en roles/proxy/vars/main.yml Sintaxis nueva (simplificada): - nodo: marmite force_https: yes # Auto: domains: [marmite.abyaya.la], rap_dn: marmite.comun Sintaxis FQDN externo: - nodo: kipu domains: - kipu.latina.red # Auto: rap_dn: kipu.comun Retrocompatibilidad: - service_name: antigua domains: [antigua.abyaya.la] rap_dn: antigua.comun Beneficios: - DRY: Una sola variable define nombre - Menos errores de tipeo - Configuración más limpia - Retrocompatible con service_name --- abyayala.yml | 6 ++---- roles/althost/tasks/roles.yml | 5 +++-- roles/proxy/tasks/main.yml | 12 +++++++----- roles/proxy/tasks/normalize_node.yml | 12 ++++++++++++ roles/proxy/templates/default_proxy.conf | 2 +- roles/proxy/templates/stream.conf | 6 +++--- roles/proxy/templates/vhost.conf | 4 ++-- roles/proxy/vars/main.yml | 1 + 8 files changed, 31 insertions(+), 17 deletions(-) create mode 100644 roles/proxy/tasks/normalize_node.yml diff --git a/abyayala.yml b/abyayala.yml index 65712f4..7d991bb 100644 --- a/abyayala.yml +++ b/abyayala.yml @@ -66,11 +66,9 @@ matrix: nodo: respaldos.comun force_https: yes - - service_name: marmite - domains: - - marmite.abyaya.la - nodo: marmite.comun + - nodo: marmite force_https: yes + # Auto-deduced: domains: [marmite.abyaya.la], rap_dn: marmite.comun - service_name: yanapak domains: 
diff --git a/roles/althost/tasks/roles.yml b/roles/althost/tasks/roles.yml index 067ee65..29f4fb8 100644 --- a/roles/althost/tasks/roles.yml +++ b/roles/althost/tasks/roles.yml @@ -1,9 +1,10 @@ - set_fact: current_service: "{{ item }}" - service_name: "{{ item.service_name }}" + # Deducir service_name: usar 'nodo' si existe, sino 'service_name' (retrocompatibilidad) + service_name: "{{ item.nodo | default(item.service_name) }}" service_roles: "{{ item.roles | default([]) }}" -- include_role: +- include_role: name: "{{ current_role_name }}" with_items: "{{ service_roles }}" loop_control: diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 5397241..fc7e49d 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -37,11 +37,13 @@ - name: domains' stuff block: - - name: slice matrix with those having domains defined - set_fact: - matrix_loop: "{{ matrix_loop | default([]) | union([ domino ]) }}" - with_items: "{{ matrix }}" - when: "{{ domino.domains is defined and domino.nodo is defined }}" + - name: normalize and build matrix_loop + block: + - include_tasks: normalize_node.yml + - set_fact: + matrix_loop: "{{ matrix_loop | default([]) | union([ domino_normalized ]) }}" + with_items: "{{ matrix }}" + when: "{{ (domino.domains is defined or domino.nodo is defined or domino.service_name is defined) }}" loop_control: loop_var: domino diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml new file mode 100644 index 0000000..d002fd8 --- /dev/null +++ b/roles/proxy/tasks/normalize_node.yml 
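Review bot: The `when:` added to `normalize and build matrix_loop` in roles/proxy/tasks/main.yml wraps its expression in `{{ }}` and also admits entries that define only `domains`. normalize_node.yml derives `nodo`, `rap_dn` and `service_name` from `domino.nodo | default(domino.service_name)`, so such an entry would fail on an undefined variable instead of being skipped. A bare condition that matches what the include needs would be `when: domino.nodo is defined or domino.service_name is defined`. Ansible also does not accept `with_items` on a `block`, so the loop has to sit on an `include_tasks` task. The enclosing `domains' stuff` block continues outside the hunk.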
@@ -0,0 +1,12 @@ +# Normalizar entrada de matriz: auto-deducir rap_dn y domains desde 'nodo' +- set_fact: + domino_normalized: + nodo: "{{ domino.nodo | default(domino.service_name) }}" + rap_dn: "{{ domino.rap_dn | default((domino.nodo | default(domino.service_name)) ~ '.comun') }}" + domains: "{{ domino.domains | default([(domino.nodo | default(domino.service_name)) ~ '.abyaya.la']) }}" + force_https: "{{ domino.force_https | default(domains_default_force_https) }}" + ports: "{{ domino.ports | default([]) }}" + enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" + roles: "{{ domino.roles | default([]) }}" + service_name: "{{ domino.service_name | default(domino.nodo) }}" + dns_extras: "{{ domino.dns_extras | default([]) }}" diff --git a/roles/proxy/templates/default_proxy.conf b/roles/proxy/templates/default_proxy.conf index a2c8627..ed114c1 100644 --- a/roles/proxy/templates/default_proxy.conf +++ b/roles/proxy/templates/default_proxy.conf @@ -17,7 +17,7 @@ proxy_ssl_server_name on; proxy_ssl_name $ssl_server_name; - proxy_pass https://$comun_{{ vhost.nodo | replace(".", "") }}; + proxy_pass https://$comun_{{ vhost.rap_dn | replace(".", "") }}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index a63eef6..731c1c7 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf @@ -1,5 +1,5 @@ -upstream ssh_{{ vhost.nodo | replace(".", "") }} { - server {{ vhost.nodo }}:22; +upstream ssh_{{ vhost.rap_dn | replace(".", "") }} { + server {{ vhost.rap_dn }}:22; } server { @@ -7,5 +7,5 @@ server { server_name .{{ vhost.domains | join(' .') }}; - proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; + proxy_pass ssh_{{ vhost.rap_dn | replace(".", "") }}; } \ No newline at end of file diff --git a/roles/proxy/templates/vhost.conf b/roles/proxy/templates/vhost.conf index 647913e..e21c9db 100644 
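Review bot: Nothing in the new normalize_node.yml checks `nodo` before it is concatenated into `rap_dn` and `domains`. The templates changed in this patch then place `vhost.rap_dn | replace(".", "")` inside nginx variable and upstream names. nginx variable names accept only letters, digits and underscores, so a value with a hyphen, a space or a `;` would produce a broken or altered config rather than a clear error. An `assert` as the first task would stop the play early, for example `that: (domino.nodo | default(domino.service_name)) is match('^[a-z0-9]+$')`, with the pattern adjusted to the node names the network actually allows.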
--- a/roles/proxy/templates/vhost.conf +++ b/roles/proxy/templates/vhost.conf @@ -1,7 +1,7 @@ -map $http_host $comun_{{ vhost.nodo | replace(".", "") }} { +map $http_host $comun_{{ vhost.rap_dn | replace(".", "") }} { hostnames; {% for domain in vhost.domains %} - .{{ domain }} {{ vhost.nodo }}; + .{{ domain }} {{ vhost.rap_dn }}; {% endfor %} } diff --git a/roles/proxy/vars/main.yml b/roles/proxy/vars/main.yml index 4a8ed0d..19b8a6d 100644 --- a/roles/proxy/vars/main.yml +++ b/roles/proxy/vars/main.yml @@ -1,5 +1,6 @@ domains_default_ssl: no domains_default_force_https: no +domains_default_enable_compression: no # nginx vhosts_path: "{{ compose_path }}/proxy/vhosts" -- 2.49.0 From f91a3360af80cfab0b883cabbf65fdab5b9c5619 Mon Sep 17 00:00:00 2001 From: Beta Date: Mon, 1 Dec 2025 17:00:39 -0300 Subject: [PATCH 02/19] parmetrizar los dominios de las redes: abyaya.la (proxy) y .comun (vpn) bifurca de #issue42 en que ya estan parametrizadas zones y asi --- group_vars/hetzner/vars | 2 ++ roles/dnsmasq/tasks/main.yml | 2 ++ roles/dnsmasq/templates/dnsmasq.conf | 6 +++--- roles/firewall/templates/rules.v4.j2 | 2 +- roles/knsupdate/tasks/update_domain.yml | 8 ++++---- roles/proxy/tasks/main.yml | 10 +++++----- roles/proxy/templates/stream.conf | 2 +- roles/rap/tasks/client.yml | 4 ++-- roles/rap/tasks/main.yml | 6 +++--- 9 files changed, 23 insertions(+), 19 deletions(-) diff --git a/group_vars/hetzner/vars b/group_vars/hetzner/vars index 87a5c11..c1b2458 100644 --- a/group_vars/hetzner/vars +++ b/group_vars/hetzner/vars @@ -1,3 +1,5 @@ host_ip: 5.161.236.18 +main_zone: abyaya.la +vpn_name: comun proxy_scale: 2 domains_default_force_https: yes diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 718b9d5..88eec72 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml 
@@ -2,12 +2,14 @@ apt: name: dnsmasq state: present + - name: configuracion de red comun template: src: dnsmasq.conf dest: "/etc/dnsmasq.conf" notify: - restart dnsmasq + - name: activar el servicio systemd_service: name: dnsmasq diff --git a/roles/dnsmasq/templates/dnsmasq.conf b/roles/dnsmasq/templates/dnsmasq.conf index c3c1060..1950642 100644 --- a/roles/dnsmasq/templates/dnsmasq.conf +++ b/roles/dnsmasq/templates/dnsmasq.conf @@ -74,8 +74,8 @@ resolv-file=/etc/resolv.local # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -local=/comun/ -domain=comun +local=/{{ dns_name }}/ +domain={{ dns_name }} # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local @@ -117,7 +117,7 @@ domain=comun # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -interface=comun +interface={{ dns_name }} # Or you can specify which interface _not_ to listen on except-interface=eth0 # Or which to listen on by address (remember to include 127.0.0.1 if diff --git a/roles/firewall/templates/rules.v4.j2 b/roles/firewall/templates/rules.v4.j2 index 2a453e6..959def9 100644 --- a/roles/firewall/templates/rules.v4.j2 +++ b/roles/firewall/templates/rules.v4.j2 @@ -6,7 +6,7 @@ -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -i lo -j ACCEPT --A INPUT -i comun -j ACCEPT +-A INPUT -i {{ vpn_name }} -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml index d657d7d..7475183 100644 --- a/roles/knsupdate/tasks/update_domain.yml +++ b/roles/knsupdate/tasks/update_domain.yml 
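Review bot: In rules.v4.j2, `-A INPUT -i {{ vpn_name }} -j ACCEPT` now accepts all traffic on whatever interface name the inventory supplies, and nothing validates that value before the rule file is rendered. iptables treats a trailing `+` in an interface name as a wildcard, so a malformed or mistyped `vpn_name` can widen this rule well beyond the VPN interface. A check ahead of the template task would catch it, for example an `assert` with `that: vpn_name is match('^[a-z0-9]{1,15}$')`. The `interface=` line in the dnsmasq.conf hunks above is filled from an inventory variable in the same way and would benefit from the same check.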
@@ -1,10 +1,10 @@ - set_fact: - is_abyayala_subdomain: "{{ domain.endswith('.abyaya.la') }}" + is_abyayala_subdomain: "{{ domain.endswith('.' ~ main_zone) }}" - - name: extract zone and hostname for abyaya.la subdomains + - name: extract zone and hostname for main zone subdomains set_fact: - zone: "abyaya.la." - hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.abyaya\\.la', '\\1') }}" + zone: main_zone ~ '.' + hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.' ~ main_zone|regex_escape , '\\1') }}" when: is_abyayala_subdomain - name: split domain into parts diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index b33c928..450285d 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -11,12 +11,12 @@ tags: certbot - name: configuration paths - file: path={{ comun }} state=directory + file: path={{ abc }} state=directory with_items: - "{{ stream_path }}" - "{{ conf_path }}" loop_control: - loop_var: comun + loop_var: abc - name: virtual hosts path file: path={{ vhosts_path }} state=directory @@ -45,12 +45,12 @@ loop_control: loop_var: domino - - name: add default abyaya.la subdomain if not present + - name: add default main zone subdomain if not present set_fact: matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" vars: - has_abyayala_domain: "{{ item.domains | select('match', '.*\\.abyaya\\.la$') | list | length > 0 }}" - default_domain: "{{ item.service_name }}.abyaya.la" + has_abyayala_domain: "{{ item.domains | select('match', '.*\\.' ~ (main_zone | regex_escape) ~ '$') | list | length > 0 }}" + default_domain: "{{ item.service_name ~ '.q' ~ main_zone }}" domains_with_default: "{{ item.domains + [default_domain] if not has_abyayala_domain else item.domains }}" item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" with_items: "{{ matrix_loop | default([]) }}" 
diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index bf54232..72843de 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf @@ -5,7 +5,7 @@ upstream ssh_{{ vhost.nodo | replace(".", "") }} { server { listen {{ vhost.ports[0] }}; - server_name {{ vhost.service_name }}.abyaya.la; + server_name {{ vhost.service_name ~ '.' ~ main_zone }}; proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; } \ No newline at end of file diff --git a/roles/rap/tasks/client.yml b/roles/rap/tasks/client.yml index fed4dc0..dfb49e1 100644 --- a/roles/rap/tasks/client.yml +++ b/roles/rap/tasks/client.yml @@ -28,11 +28,11 @@ cmd: "./rap init -i {{ nodo }}" chdir: "{{ rap_path }}/rap" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" - name: instalar el nodo shell: cmd: "./rap install -v {{ nodo }}" chdir: "{{ rap_path }}/rap" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" diff --git a/roles/rap/tasks/main.yml b/roles/rap/tasks/main.yml index 80df79b..598c3af 100644 --- a/roles/rap/tasks/main.yml +++ b/roles/rap/tasks/main.yml @@ -24,9 +24,9 @@ cmd: "./rap add-host {{ althost }} {{ nod }}" chdir: "{{ rap_path }}" args: - creates: "{{ rap_path }}/networks/comun/abyayala/hosts/{{ nod }}" + creates: "{{ rap_path }}/networks/{{ vpn_name }}/abyayala/hosts/{{ nod }}" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" with_items: "{{ item.nodos }}" loop_control: loop_var: nod @@ -36,4 +36,4 @@ cmd: "./rap install -v {{ althost }}" chdir: "{{ rap_path }}" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" -- 2.49.0 From 68ca0b5b61d2d2769dc3a671518f005e4830eb7e Mon Sep 17 00:00:00 2001 From: Beta Date: Tue, 2 Dec 2025 17:17:52 -0300 Subject: [PATCH 03/19] fixes revision de fauno --- roles/dnsmasq/templates/dnsmasq.conf | 6 +++--- roles/proxy/tasks/main.yml | 2 +- roles/proxy/templates/stream.conf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
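Review bot: The `shell` tasks in the roles/rap hunks build their command lines from `{{ nodo }}`, `{{ althost }}` and `{{ nod }}` without quoting, so a value containing spaces or shell metacharacters changes the command that runs. None of the commands shown uses shell features, so the `command` module fits better, or the values can be quoted in place, as in `cmd: "./rap init -i {{ nodo | quote }}"`. This applies to `rap init` and `rap install` in roles/rap/tasks/client.yml and to `rap add-host` and `rap install` in roles/rap/tasks/main.yml. Those lines are context here; the patch itself only changes `NETWORK`, and the task files continue outside the hunks.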
diff --git a/roles/dnsmasq/templates/dnsmasq.conf b/roles/dnsmasq/templates/dnsmasq.conf index 1950642..392dee4 100644 --- a/roles/dnsmasq/templates/dnsmasq.conf +++ b/roles/dnsmasq/templates/dnsmasq.conf @@ -74,8 +74,8 @@ resolv-file=/etc/resolv.local # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -local=/{{ dns_name }}/ -domain={{ dns_name }} +local=/{{ vpn_name }}/ +domain={{ vpn_name }} # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local @@ -117,7 +117,7 @@ domain={{ dns_name }} # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -interface={{ dns_name }} +interface={{ vpn_name }} # Or you can specify which interface _not_ to listen on except-interface=eth0 # Or which to listen on by address (remember to include 127.0.0.1 if diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 450285d..2e50195 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -50,7 +50,7 @@ matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" vars: has_abyayala_domain: "{{ item.domains | select('match', '.*\\.' ~ (main_zone | regex_escape) ~ '$') | list | length > 0 }}" - default_domain: "{{ item.service_name ~ '.q' ~ main_zone }}" + default_domain: "{{ item.service_name ~ '.' ~ main_zone }}" domains_with_default: "{{ item.domains + [default_domain] if not has_abyayala_domain else item.domains }}" item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" with_items: "{{ matrix_loop | default([]) }}" diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index 72843de..9eb2e6c 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf 
@@ -5,7 +5,7 @@ upstream ssh_{{ vhost.nodo | replace(".", "") }} { server { listen {{ vhost.ports[0] }}; - server_name {{ vhost.service_name ~ '.' ~ main_zone }}; + server_name {{ vhost.service_name }}.{{ main_zone }}; proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; } \ No newline at end of file -- 2.49.0 From 552911286d4ccc9165b308f84f7282236b6fc738 Mon Sep 17 00:00:00 2001 From: Beta Date: Tue, 2 Dec 2025 19:15:59 -0300 Subject: [PATCH 04/19] =?UTF-8?q?fix:=20asegurar=20que=20dominio=20.abyaya?= =?UTF-8?q?.la=20est=C3=A9=20siempre=20en=20domains[0]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modifica normalize_node.yml para garantizar que el dominio .abyaya.la siempre sea el primero en la lista de dominios, independientemente del orden definido. Esto es crítico para certificados SSL y configuraciones vhost que dependen de domains[0]. --- roles/proxy/tasks/normalize_node.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index d002fd8..8c4bf2d 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml 
@@ -1,9 +1,14 @@ # Normalizar entrada de matriz: auto-deducir rap_dn y domains desde 'nodo' +- set_fact: + _existing_abyayala_domains: "{{ (domino.domains | default([])) | select('match', '.*\\.abyaya\\.la$') | list }}" + _other_domains: "{{ (domino.domains | default([])) | reject('match', '.*\\.abyaya\\.la$') | list }}" + _default_domain: "{{ (domino.nodo | default(domino.service_name)) ~ '.abyaya.la' }}" + - set_fact: domino_normalized: nodo: "{{ domino.nodo | default(domino.service_name) }}" rap_dn: "{{ domino.rap_dn | default((domino.nodo | default(domino.service_name)) ~ '.comun') }}" - domains: "{{ domino.domains | default([(domino.nodo | default(domino.service_name)) ~ '.abyaya.la']) }}" + domains: "{{ [(_existing_abyayala_domains[0] if (_existing_abyayala_domains | length > 0) else _default_domain)] + _other_domains }}" force_https: "{{ domino.force_https | default(domains_default_force_https) }}" ports: "{{ domino.ports | default([]) }}" enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" -- 2.49.0 From 73a562b449edc49a2dbd6b6560155b3b49fbe90b Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 12:06:38 -0300 Subject: [PATCH 05/19] refactor: replace hardcoded domain with main_zone variable - Add main_zone_regex derived from main_zone with proper escaping - Replace hardcoded abyaya.la references in proxy tasks - Use main_zone and main_zone_regex for domain matching and construction --- roles/proxy/tasks/main.yml | 10 +++++++--- roles/proxy/tasks/normalize_node.yml | 6 +++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 5fd33cf..1245d3e 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml 
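Review bot: The new `domains:` expression keeps only `_existing_abyayala_domains[0]`, so an entry that lists two or more `.abyaya.la` names silently loses all but the first. As far as this file shows, the dropped names never reach the certificate and vhost loops. Keeping the whole list preserves the ordering guarantee without dropping anything: `domains: "{{ (_existing_abyayala_domains if _existing_abyayala_domains | length > 0 else [_default_domain]) + _other_domains }}"`. The `domino_normalized` mapping continues outside the hunk.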
@@ -10,6 +10,10 @@ include_role: name=certbot tags: certbot + - name: set main_zone_regex from main_zone + set_fact: + main_zone_regex: "{{ '.' ~ main_zone | replace('.', '\\.') }}" + - name: configuration paths file: path={{ abc }} state=directory with_items: @@ -53,10 +57,10 @@ set_fact: matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" vars: - existing_abyayala_domains: "{{ item.domains | select('match', '.*\\.abyaya\\.la$') | list }}" + existing_abyayala_domains: "{{ item.domains | select('match', '.*' ~ main_zone_regex ~ '$') | list }}" has_abyayala_domain: "{{ existing_abyayala_domains | length > 0 }}" - default_domain: "{{ item.service_name }}.abyaya.la" - other_domains: "{{ item.domains | reject('match', '.*\\.abyaya\\.la$') | list }}" + default_domain: "{{ item.service_name }}.{{ main_zone }}" + other_domains: "{{ item.domains | reject('match', '.*' ~ main_zone_regex ~ '$') | list }}" abyayala_domain_to_use: "{{ existing_abyayala_domains[0] if has_abyayala_domain else default_domain }}" domains_with_default: "{{ [abyayala_domain_to_use] + other_domains }}" item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index 8c4bf2d..dda5a83 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml 
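Review bot: In `main_zone_regex` the filter binds tighter than `~`, so `replace` runs on `main_zone` only and the leading `'.'` stays an unescaped regex wildcard. Combined with the `'.*' ~ main_zone_regex ~ '$'` patterns in the second hunk and in normalize_node.yml, a name such as `xabyaya.la` (constructed example) is classified as belonging to the main zone. `replace` also escapes only dots, while the knsupdate role already uses `regex_escape` for the same purpose. Escaping the separator and reusing that filter fixes both: `main_zone_regex: "{{ '\\.' ~ (main_zone | regex_escape) }}"`.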
@@ -1,8 +1,8 @@ # Normalizar entrada de matriz: auto-deducir rap_dn y domains desde 'nodo' - set_fact: - _existing_abyayala_domains: "{{ (domino.domains | default([])) | select('match', '.*\\.abyaya\\.la$') | list }}" - _other_domains: "{{ (domino.domains | default([])) | reject('match', '.*\\.abyaya\\.la$') | list }}" - _default_domain: "{{ (domino.nodo | default(domino.service_name)) ~ '.abyaya.la' }}" + _existing_abyayala_domains: "{{ (domino.domains | default([])) | select('match', '.*' ~ main_zone_regex ~ '$') | list }}" + _other_domains: "{{ (domino.domains | default([])) | reject('match', '.*' ~ main_zone_regex ~ '$') | list }}" + _default_domain: "{{ (domino.nodo | default(domino.service_name)) ~ '.' ~ main_zone }}" - set_fact: domino_normalized: -- 2.49.0 From fae291cdc9f408826e972cc14f75bfe5ad7e006b Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 12:11:53 -0300 Subject: [PATCH 06/19] corrijo estas cosas por enesima vez --- group_vars/testing/vars | 2 ++ roles/knsupdate/tasks/update_domain.yml | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/group_vars/testing/vars b/group_vars/testing/vars index d43597d..94089f6 100644 --- a/group_vars/testing/vars +++ b/group_vars/testing/vars @@ -1 +1,3 @@ host_ip: 157.180.114.62 +main_zone: abyayala.red +vpn_name: comun diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml index 242eaca..467ade8 100644 --- a/roles/knsupdate/tasks/update_domain.yml +++ b/roles/knsupdate/tasks/update_domain.yml @@ -3,7 +3,7 @@ - name: extract zone and hostname for main zone subdomains set_fact: - zone: main_zone ~ '.' + zone: "{{ main_zone ~ '.' }}" hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.' ~ main_zone|regex_escape , '\\1') }}" when: is_abyayala_subdomain 
@@ -30,6 +30,11 @@ hostname: "{{ domain_parts[:-2] | join('.') if domain_parts | length > 2 else '@' }}" when: not is_abyayala_subdomain and not uses_compound_tld + - name: Debug knsupdate for this domain + debug: + msg: "{{ lookup('template', 'templates/commands.j2') }}" + when: is_abyayala_subdomain + - name: knsupdate for this domain shell: knsupdate args: -- 2.49.0 From 02bfbfc2c6aaf25ab444ab1e64cebc6c6eaf1121 Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 12:47:15 -0300 Subject: [PATCH 07/19] fixes: variable parametrizada, dependencia de RAP actualizada --- roles/proxy/tasks/normalize_node.yml | 2 +- roles/rap/tasks/client.yml | 2 +- tasks/rap.yml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index dda5a83..aca95e0 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml @@ -7,7 +7,7 @@ - set_fact: domino_normalized: nodo: "{{ domino.nodo | default(domino.service_name) }}" - rap_dn: "{{ domino.rap_dn | default((domino.nodo | default(domino.service_name)) ~ '.comun') }}" + rap_dn: "{{ domino.rap_dn | default((domino.nodo | default(domino.service_name)) ~ '.' ~ vpn_name) }}" domains: "{{ [(_existing_abyayala_domains[0] if (_existing_abyayala_domains | length > 0) else _default_domain)] + _other_domains }}" force_https: "{{ domino.force_https | default(domains_default_force_https) }}" ports: "{{ domino.ports | default([]) }}" diff --git a/roles/rap/tasks/client.yml b/roles/rap/tasks/client.yml index dfb49e1..be363a7 100644 --- a/roles/rap/tasks/client.yml +++ b/roles/rap/tasks/client.yml @@ -2,7 +2,7 @@ # https://serverfault.com/questions/1108989/isc-dhcp-client-dhclient-alternative - name: instalar dependecias de la RAP apt: - name: ['tinc', 'rsync', 'dhcp5'] + name: ['tinc', 'rsync', 'dhcpcd5'] state: latest # update_cache: yes tags: installation diff --git a/tasks/rap.yml b/tasks/rap.yml index de88174..d9c0a27 100644 
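Review bot: The added `Debug knsupdate for this domain` task prints the fully rendered `templates/commands.j2` on every run for main-zone domains. That template is not visible here; if it carries the update key or other credentials for knsupdate, they end up in console output and in any stored job logs. Dropping the task, or limiting it with `verbosity: 2` under `debug:`, keeps it available for troubleshooting without printing by default.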
--- a/tasks/rap.yml +++ b/tasks/rap.yml @@ -1,5 +1,6 @@ # Instalacion de la RAP en maquina local # ansible-playbook --become tasks/rap.yml -e "host=localhost nodo=chem" -i hosts.local +# ansible-playbook tasks/rap.yml -e "host=testing nodo=testnet" --- - hosts: "{{ host }}" tasks: -- 2.49.0 From 5ab33a419ac1c3857b6dce83886d83f38e9689d4 Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 13:03:33 -0300 Subject: [PATCH 08/19] Actualizo RAP y corrijo su copy --- roles/rap/code/rap | 2 +- roles/rap/tasks/client.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/rap/code/rap b/roles/rap/code/rap index ec4cd71..05481cd 160000 --- a/roles/rap/code/rap +++ b/roles/rap/code/rap @@ -1 +1 @@ -Subproject commit ec4cd71e6e2f5159ae08c06123db67e48dc7a5bb +Subproject commit 05481cdbc3b32f139c53cdf7adfaace97db82fac diff --git a/roles/rap/tasks/client.yml b/roles/rap/tasks/client.yml index be363a7..9570b7a 100644 --- a/roles/rap/tasks/client.yml +++ b/roles/rap/tasks/client.yml @@ -11,13 +11,13 @@ - name: copiar el codigo fuente synchronize: - src: ../roles/rap/code/rap + src: ../roles/rap/code/rap/ dest: "{{ rap_path }}" perms: true - name: hacer ejecutable el archivo rap file: - path: "{{ rap_path }}/rap/rap" + path: "{{ rap_path }}/rap" state: touch mode: '774' modification_time: preserve @@ -26,13 +26,13 @@ - name: inicializar el nodo shell: cmd: "./rap init -i {{ nodo }}" - chdir: "{{ rap_path }}/rap" + chdir: "{{ rap_path }}" environment: NETWORK: "{{ vpn_name }}" - name: instalar el nodo shell: cmd: "./rap install -v {{ nodo }}" - chdir: "{{ rap_path }}/rap" + chdir: "{{ rap_path }}" environment: NETWORK: "{{ vpn_name }}" -- 2.49.0 From 380a588f0cf973bb7551752f9c1f2bb540b1cb78 Mon Sep 17 00:00:00 2001 
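Review bot: `hacer ejecutable el archivo rap` in roles/rap/tasks/client.yml keeps `mode: '774'` on the script that the following tasks execute, and the usage comment in tasks/rap.yml shows the RAP playbook being run with `--become`. A group-writable file that is later run with elevated privileges lets any member of its group change what runs. Owner and group are not set in this hunk, so who that is depends on what `synchronize` with `perms: true` copies over. `mode: '0755'` (or `'0750'`) is enough to make it executable.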
From: Beta Date: Thu, 18 Dec 2025 13:05:23 -0300 Subject: [PATCH 09/19] refactor: remove duplicate domain normalization logic The domain normalization logic (filtering main_zone domains, creating default domain, and ordering) was duplicated in main.yml after already being performed in normalize_node.yml. This removes the redundant 18-line block, keeping only the normalization in normalize_node.yml. --- roles/proxy/tasks/main.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 1245d3e..e9896a8 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -53,24 +53,6 @@ loop_control: loop_var: domino - - name: ensure abyaya.la subdomain is always first in domains list - set_fact: - matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" - vars: - existing_abyayala_domains: "{{ item.domains | select('match', '.*' ~ main_zone_regex ~ '$') | list }}" - has_abyayala_domain: "{{ existing_abyayala_domains | length > 0 }}" - default_domain: "{{ item.service_name }}.{{ main_zone }}" - other_domains: "{{ item.domains | reject('match', '.*' ~ main_zone_regex ~ '$') | list }}" - abyayala_domain_to_use: "{{ existing_abyayala_domains[0] if has_abyayala_domain else default_domain }}" - domains_with_default: "{{ [abyayala_domain_to_use] + other_domains }}" - item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" - with_items: "{{ matrix_loop | default([]) }}" - - - name: update matrix_loop with defaults - set_fact: - matrix_loop: "{{ matrix_loop_with_defaults }}" - when: matrix_loop_with_defaults is defined - - name: certificates loop include_tasks: ../../certbot/tasks/certbot.yml with_items: "{{ matrix_loop | default([]) }}" -- 2.49.0 From 5e45fed4469e2c0d8484dca5714acf7be7bf3ae2 Mon Sep 17 00:00:00 2001 
From: Beta Date: Thu, 18 Dec 2025 13:38:08 -0300 Subject: [PATCH 10/19] dns_extras ya no funciona asi --- roles/proxy/tasks/normalize_node.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index aca95e0..0c89648 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml @@ -14,4 +14,3 @@ enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" roles: "{{ domino.roles | default([]) }}" service_name: "{{ domino.service_name | default(domino.nodo) }}" - dns_extras: "{{ domino.dns_extras | default([]) }}" -- 2.49.0 From df8b23525e290233e06b1fa3c07ab3ff49451a2c Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 13:51:34 -0300 Subject: [PATCH 11/19] fix de orden de normalizacion, bardo del merge aun --- roles/proxy/tasks/main.yml | 7 ++----- roles/proxy/tasks/normalize_node.yml | 4 +++- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index e9896a8..01ca497 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -41,13 +41,10 @@ loop_control: loop_var: common - - name: domains' stuff + - name: neo stuff block: - name: normalize and build matrix_loop - block: - - include_tasks: normalize_node.yml - - set_fact: - matrix_loop: "{{ matrix_loop | default([]) | union([ domino_normalized ]) }}" + include_tasks: normalize_node.yml with_items: "{{ matrix }}" when: "{{ (domino.domains is defined or domino.nodo is defined or domino.service_name is defined) }}" loop_control: diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index 0c89648..f099536 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml 
@@ -1,4 +1,3 @@ -# Normalizar entrada de matriz: auto-deducir rap_dn y domains desde 'nodo' - set_fact: _existing_abyayala_domains: "{{ (domino.domains | default([])) | select('match', '.*' ~ main_zone_regex ~ '$') | list }}" _other_domains: "{{ (domino.domains | default([])) | reject('match', '.*' ~ main_zone_regex ~ '$') | list }}" @@ -14,3 +13,6 @@ enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" roles: "{{ domino.roles | default([]) }}" service_name: "{{ domino.service_name | default(domino.nodo) }}" + +- set_fact: + matrix_loop: "{{ matrix_loop | default([]) | union([ domino_normalized ]) }}" \ No newline at end of file -- 2.49.0 From 80ed2dea5fe542e4de92dc0eee4518c203ab66d2 Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 14:26:13 -0300 Subject: [PATCH 12/19] testnet como terminal, mientras se vuelve su propia test net --- abyayala.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/abyayala.yml b/abyayala.yml index bffee0a..2df7be1 100644 --- a/abyayala.yml +++ b/abyayala.yml @@ -60,6 +60,7 @@ matrix: - kaasavi - llavero - deabajo + - testnet - service_name: respaldos domains: -- 2.49.0 From 3467f774df02e2ea067d36985d40d7265e522970 Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 14:26:01 -0300 Subject: [PATCH 13/19] fix: use service_name instead of domains[0] for stream config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes error when vhost.domains is empty by using vhost.service_name for the stream configuration filename, which is always available and more consistent with the stream template usage. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- roles/proxy/tasks/stream.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/proxy/tasks/stream.yml b/roles/proxy/tasks/stream.yml index f35ff02..1579f1f 100644 --- a/roles/proxy/tasks/stream.yml 
+++ b/roles/proxy/tasks/stream.yml @@ -1,5 +1,5 @@ - set_fact: - vhost_dest: "{{ stream_path }}/{{ vhost.domains[0] }}.conf" + vhost_dest: "{{ stream_path }}/{{ vhost.service_name }}.conf" - name: default stream for ssh template: -- 2.49.0 From 28c80118f7a9b8c7184a011d3e220554e4cfb51a Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 15:55:53 -0300 Subject: [PATCH 14/19] vpn_proxy: parametrizar la IP en la VPN del Proxy --- group_vars/hetzner/vars | 1 + group_vars/testing/vars | 1 + roles/dnsmasq/templates/dnsmasq.conf | 2 +- roles/kemal/templates/vhost.conf | 2 +- roles/proxy/templates/vhost.conf | 2 +- 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/hetzner/vars b/group_vars/hetzner/vars index c1b2458..579a45e 100644 --- a/group_vars/hetzner/vars +++ b/group_vars/hetzner/vars @@ -1,5 +1,6 @@ host_ip: 5.161.236.18 main_zone: abyaya.la vpn_name: comun +vpn_proxy: 10.13.12.1 proxy_scale: 2 domains_default_force_https: yes diff --git a/group_vars/testing/vars b/group_vars/testing/vars index 94089f6..2d255c2 100644 --- a/group_vars/testing/vars +++ b/group_vars/testing/vars @@ -1,3 +1,4 @@ host_ip: 157.180.114.62 main_zone: abyayala.red vpn_name: comun +vpn_proxy: 10.13.12.255 \ No newline at end of file diff --git a/roles/dnsmasq/templates/dnsmasq.conf b/roles/dnsmasq/templates/dnsmasq.conf index 392dee4..48f41ad 100644 --- a/roles/dnsmasq/templates/dnsmasq.conf +++ b/roles/dnsmasq/templates/dnsmasq.conf @@ -122,7 +122,7 @@ interface={{ vpn_name }} except-interface=eth0 # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) -listen-address=10.13.12.1,127.0.0.1 +listen-address={{ vpn_proxy }},127.0.0.1 # If you want dnsmasq to provide only DNS service on an interface, # configure it as shown above, and then use the following line to # disable DHCP and TFTP on it. diff --git a/roles/kemal/templates/vhost.conf b/roles/kemal/templates/vhost.conf index 474d4a4..2c7a923 100644 
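Review bot: Switching `vhost_dest` in roles/proxy/tasks/stream.yml from `vhost.domains[0]` to `vhost.service_name` changes the file name, and nothing in this hunk removes the `<domain>.conf` that earlier runs wrote into `stream_path`. If nginx includes every file in that directory (not visible here), the old file keeps its `listen` and `upstream` definitions alive next to the new one. That can fail the config test on the duplicate upstream or leave a stale listener in place. A `file` task with `state: absent` for the old name, guarded by `vhost.domains | length > 0`, placed before the template task would cover it.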
--- a/roles/kemal/templates/vhost.conf +++ b/roles/kemal/templates/vhost.conf @@ -5,6 +5,6 @@ server { client_max_body_size 4k; location / { - proxy_pass http://10.13.12.1:3000; + proxy_pass http://{{ vpn_proxy }}:3000; } } diff --git a/roles/proxy/templates/vhost.conf b/roles/proxy/templates/vhost.conf index fbe0b50..ae20819 100644 --- a/roles/proxy/templates/vhost.conf +++ b/roles/proxy/templates/vhost.conf @@ -18,7 +18,7 @@ server { listen 80; - resolver 10.13.12.1 valid=300s; + resolver {{ vpn_proxy }} valid=300s; resolver_timeout 5s; {% if vhost.root | default(false) %} -- 2.49.0 From 6d442bbaa6fa2a1e3ccd78770beb5cef6d58d2ae Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 16:01:37 -0300 Subject: [PATCH 15/19] fix: protect vhost.roles[0] access when array is empty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevents error when vhost.roles is defined but empty by checking array length before accessing index 0 in all conditional statements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- roles/proxy/tasks/vhosts.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/proxy/tasks/vhosts.yml b/roles/proxy/tasks/vhosts.yml index 388e480..76c8ace 100644 --- a/roles/proxy/tasks/vhosts.yml +++ b/roles/proxy/tasks/vhosts.yml @@ -1,12 +1,12 @@ - set_fact: vhost_dest: "{{ vhosts_path }}/{{ vhost.domains[0] }}.conf" -- block: +- block: - set_fact: custom_vhost: "roles/{{ vhost.roles[0] }}/templates/vhost.conf" - set_fact: proxy_conf: "roles/{{ vhost.roles[0] }}/templates/proxy.conf" - when: vhost.roles is defined + when: vhost.roles is defined and (vhost.roles | length > 0) - set_fact: proxy_conf_look: "{{ lookup('template', proxy_conf) }}" 
@@ -16,7 +16,7 @@ template: src: "{{ default_vhost }}" dest: "{{ vhost_dest }}" - when: (vhost.roles is undefined or vhost.roles[0] == 'proxy') or (custom_vhost is undefined or custom_vhost is not is_file) + when: (vhost.roles is undefined or (vhost.roles | length == 0) or vhost.roles[0] == 'proxy') or (custom_vhost is undefined or custom_vhost is not is_file) notify: - reload proxy @@ -24,6 +24,6 @@ template: src: "{{ custom_vhost }}" dest: "{{ vhost_dest }}" - when: (vhost.roles is defined and vhost.roles[0] != 'proxy') and custom_vhost is defined and custom_vhost is is_file + when: (vhost.roles is defined and (vhost.roles | length > 0) and vhost.roles[0] != 'proxy') and custom_vhost is defined and custom_vhost is is_file notify: - reload proxy -- 2.49.0 From f6f5c90d34ed903fc133378ce5d76cd93c0b9f89 Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 16:15:26 -0300 Subject: [PATCH 16/19] fix: protect vhost.ports[0] access in stream template MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevents error when vhost.ports is defined but empty by checking array length before rendering the stream template that accesses ports[0]. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- roles/proxy/tasks/stream.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/proxy/tasks/stream.yml b/roles/proxy/tasks/stream.yml index 1579f1f..0b14835 100644 --- a/roles/proxy/tasks/stream.yml +++ b/roles/proxy/tasks/stream.yml @@ -5,6 +5,6 @@ template: src: "{{ default_stream }}" dest: "{{ vhost_dest }}" - when: vhost.ports is defined + when: vhost.ports is defined and (vhost.ports | length > 0) notify: - reload proxy -- 2.49.0 From 45fe05844eb6e69e79c5cc049f25ade75f2d292a Mon Sep 17 00:00:00 2001 
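Review bot: The `when` expressions on the default and custom vhost tasks (hunks at -16 and -24 of vhosts.yml) are hand-maintained complements of each other, and each now repeats the defined/length/`[0]` chain. A future edit to only one of them can leave a vhost matched by both tasks or by neither. Taking the first role once, e.g. `(vhost.roles | default([]) | first | default('proxy'))`, and comparing it with `'proxy'` in both conditions would shorten them and keep the empty-list case in one place. Both tasks start above their hunks.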
From: Beta Date: Thu, 18 Dec 2025 16:30:00 -0300 Subject: [PATCH 17/19] especificar puerto e IP dinamica TODO: otra VPN / descubrir IP con ansible --- group_vars/testing/vars | 3 ++- testnet.yml | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/testing/vars b/group_vars/testing/vars index 2d255c2..cbba201 100644 --- a/group_vars/testing/vars +++ b/group_vars/testing/vars @@ -1,4 +1,5 @@ host_ip: 157.180.114.62 main_zone: abyayala.red vpn_name: comun -vpn_proxy: 10.13.12.255 \ No newline at end of file +vpn_proxy: 10.13.12.159 +proxy_scale: 1 \ No newline at end of file diff --git a/testnet.yml b/testnet.yml index f9c621b..beea6a5 100644 --- a/testnet.yml +++ b/testnet.yml @@ -16,8 +16,7 @@ matrix: nodos: - qi - - service_name: qi - domains: - - qi.abyayala.red - nodo: qi.comun + - nodo: qi + ports: + - 531 # force_https: yes \ No newline at end of file -- 2.49.0 From 729f931c3956b9b02b5051b085afe365a8f0febe Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 18 Dec 2025 16:55:59 -0300 Subject: [PATCH 18/19] refactor: improve rap_dn calculation robustness MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Separates the calculation of node_name and rap_dn into intermediate variables to make the normalization more explicit and avoid issues with nested defaults. This makes the code clearer and more robust when handling elements with only service_name or only nodo defined. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- roles/proxy/tasks/normalize_node.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index f099536..7fc6c54 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml 
@@ -1,18 +1,20 @@ - set_fact: _existing_abyayala_domains: "{{ (domino.domains | default([])) | select('match', '.*' ~ main_zone_regex ~ '$') | list }}" _other_domains: "{{ (domino.domains | default([])) | reject('match', '.*' ~ main_zone_regex ~ '$') | list }}" + _node_name: "{{ domino.nodo | default(domino.service_name) }}" _default_domain: "{{ (domino.nodo | default(domino.service_name)) ~ '.' ~ main_zone }}" + _default_rap_dn: "{{ (domino.nodo | default(domino.service_name)) ~ '.' ~ vpn_name }}" - set_fact: domino_normalized: - nodo: "{{ domino.nodo | default(domino.service_name) }}" - rap_dn: "{{ domino.rap_dn | default((domino.nodo | default(domino.service_name)) ~ '.' ~ vpn_name) }}" + nodo: "{{ _node_name }}" + rap_dn: "{{ domino.rap_dn | default(_default_rap_dn) }}" domains: "{{ [(_existing_abyayala_domains[0] if (_existing_abyayala_domains | length > 0) else _default_domain)] + _other_domains }}" force_https: "{{ domino.force_https | default(domains_default_force_https) }}" ports: "{{ domino.ports | default([]) }}" enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" roles: "{{ domino.roles | default([]) }}" - service_name: "{{ domino.service_name | default(domino.nodo) }}" + service_name: "{{ domino.service_name | default(_node_name) }}" - set_fact: matrix_loop: "{{ matrix_loop | default([]) | union([ domino_normalized ]) }}" \ No newline at end of file -- 2.49.0 From bb069debaf51ba3cd9a0be5f5008a9c08949a4ad Mon Sep 17 00:00:00 2001 
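Review bot: `_node_name` and the two defaults beside it evaluate `domino.nodo | default(domino.service_name)`, which is undefined when a matrix entry carries neither key. An earlier main.yml condition in this series admitted entries that define only `domains`; if that still holds, the failure surfaces as an opaque undefined-variable error inside set_fact. An assert at the top of the file would fail with a clear message, and it is a natural place to restrict the name, since the value ends up in file names and DNS names. The pattern below is only illustrative and needs adjusting to the names actually in use. Separately, `_default_domain` and `_default_rap_dn` still repeat the expression instead of reusing `_node_name`, presumably because facts in one set_fact task cannot reference each other; a one-line comment saying so would help.

```yaml
# at the top of normalize_node.yml, before the first set_fact
- assert:
    that:
      - domino.nodo is defined or domino.service_name is defined
      - (domino.nodo | default(domino.service_name)) is match('^[a-z0-9][a-z0-9-]*$')
    fail_msg: "matrix entry needs a 'nodo' or 'service_name' made of hostname-label characters"
# … unchanged: set_fact with _existing_abyayala_domains, _node_name, … …
```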
From: Beta Date: Thu, 18 Dec 2025 17:20:45 -0300 Subject: [PATCH 19/19] refactor: skip vhost generation for services without domains MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Services with roles but without domains specified are infrastructure services that deploy to destination servers (like knot/knsupdate, vpn/rap). These don't need proxy vhosts. Services with roles AND domains, or services without roles (proxy redirections) still get vhosts. Adds skip_vhost flag during normalization to mark services that should not generate vhosts, based on whether they have roles but no domains. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- roles/proxy/tasks/main.yml | 2 +- roles/proxy/tasks/normalize_node.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 01ca497..f57c350 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -63,7 +63,7 @@ with_items: "{{ matrix_loop }}" loop_control: loop_var: vhost - when: (service is undefined) or (service is defined and service == vhost.service_name) + when: ((service is undefined) or (service is defined and service == vhost.service_name)) and not vhost.skip_vhost - name: streams loop include_tasks: stream.yml diff --git a/roles/proxy/tasks/normalize_node.yml b/roles/proxy/tasks/normalize_node.yml index 7fc6c54..340cefa 100644 --- a/roles/proxy/tasks/normalize_node.yml +++ b/roles/proxy/tasks/normalize_node.yml 
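Review bot: `not vhost.skip_vhost` in roles/proxy/tasks/main.yml depends on the flag arriving as a real boolean, but normalize_node.yml produces it from a quoted Jinja expression, so its type depends on how Ansible converts the rendered string. Writing `... and not (vhost.skip_vhost | default(false) | bool)` makes the test independent of that and tolerates entries that lack the key. The `streams loop` task below is not gated by the flag; that looks intentional for port-only services, but a short comment saying so would prevent a later "fix". The task this `when` belongs to starts above the hunk.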
@@ -15,6 +15,7 @@ enable_compression: "{{ domino.enable_compression | default(domains_default_enable_compression) }}" roles: "{{ domino.roles | default([]) }}" service_name: "{{ domino.service_name | default(_node_name) }}" + skip_vhost: "{{ (domino.roles is defined and (domino.roles | length > 0) and domino.domains is not defined) }}" - set_fact: matrix_loop: "{{ matrix_loop | default([]) | union([ domino_normalized ]) }}" \ No newline at end of file -- 2.49.0
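Review bot: `skip_vhost` tests `domino.domains is not defined`, so an infrastructure entry written with an empty list (`domains: []`) is not skipped. It still gets the auto-deduced `<nodo>.<main_zone>` domain and a public vhost, which is what the commit sets out to avoid. The series already treats defined-but-empty lists as empty for `roles` and `ports`; the same applies here: `skip_vhost: "{{ (domino.roles | default([]) | length > 0) and (domino.domains | default([]) | length == 0) }}"`. The `domino_normalized` mapping this key belongs to starts above the hunk.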