diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml index d15c41d32fe025a7c38b6f070079f6d4b0bdfbb0..d1f5d410484584d826a5f8085ff919b86eb64091 100644 --- a/mediawiki/tasks/main.yml +++ b/mediawiki/tasks/main.yml @@ -1,21 +1,10 @@ --- # file: mediawiki/tasks/main.yml -- name: ensure packages for mediawiki are installed on jessie +- name: ensure packages for mediawiki are installed apt: name: mediawiki state: present - install_recommends: false - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure packages for mediawiki are installed on stretch - apt: - name: mediawiki - state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/mediawiki/tasks/mysql.yml b/mediawiki/tasks/mysql.yml index e43ac8edcc6957c43d437ebd371610045eac1618..8f788d6c8083b5cd8d36c22d05f092e0e65b4d1d 100644 --- a/mediawiki/tasks/mysql.yml +++ b/mediawiki/tasks/mysql.yml @@ -1,20 +1,10 @@ --- # file: mediawiki/tasks/mysql.yml -- name: ensure php can talk with mysql on jessie - apt: - name: php5-mysql - state: present - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure php can talk with mysql on stretch +- name: ensure php can talk with mysql apt: name: php-mysql state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml index 737cef5efebcc1a481a26dad4e4478f8e825bd18..f4fd6d685f92b76e05016a0d51208a643fa32a09 100644 --- a/mediawiki/tasks/postgres.yml +++ b/mediawiki/tasks/postgres.yml 
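Review bot: The merged task in mediawiki/tasks/main.yml no longer sets `install_recommends: false`, which only the removed jessie variant carried, so apt will also install whatever the mediawiki package recommends. The install task in wordpress/tasks/main.yml, touched by this same commit, keeps that option. If the extra packages are not wanted on these hosts (each one is more software to patch and possibly another listening service), add `install_recommends: false` under `apt:` here as well. If they are wanted, a comment such as `# recommended packages are installed on purpose` above the task would record the decision.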
@@ -1,20 +1,10 @@ --- # file: mediawiki/tasks/postgres.yml -- name: ensure php can talk with postgres on jessie - apt: - name: php5-pgsql - state: present - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure php can talk with postgres on stretch +- name: ensure php can talk with postgres apt: name: php-pgsql state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml index f08d6dfb714ae768f35a4942ba6e7ff11d2665ab..2d70ff58fe991e5780cf62dccd7bce9171f9371b 100644 --- a/php-fpm/tasks/main.yml +++ b/php-fpm/tasks/main.yml @@ -45,7 +45,6 @@ owner: root group: root mode: '0644' - when: debian_version != "jessie" with_items: "{{ fpm_pools|default([]) }}" notify: - restart php-fpm diff --git a/uwsgi-python/templates/uwsgi.ini.j2 b/uwsgi-python/templates/uwsgi.ini.j2 index e03ebee3a9c44e616c3b042f57700e8023a553b0..8686c8dd95f47bee9b1d7752986d04e95066288d 100644 --- a/uwsgi-python/templates/uwsgi.ini.j2 +++ b/uwsgi-python/templates/uwsgi.ini.j2 @@ -44,9 +44,7 @@ log-x-forwarded-for = {% if app_python_version == 2 %} plugin = python27 {% elif app_python_version == 3 %} -{% if debian_version == "jessie" %} -plugin = python34 -{% elif debian_version == "stretch" %} +{% if debian_version == "stretch" %} plugin = python35 {% elif debian_version == "buster" %} plugin = python37 diff --git a/webserver/templates/site-security b/webserver/templates/site-security index 63752fcb8908d6971fc3032ddc78be187e1ae1e4..4d7a0aa6a3fab347225c3183bcde42a5e3c3e60c 100644 --- a/webserver/templates/site-security +++ b/webserver/templates/site-security 
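Review bot: With the jessie branch removed from uwsgi.ini.j2, the `debian_version` chain under `app_python_version == 3` emits no `plugin =` line for a release that matches none of the listed names, unless an `{% else %}` exists further down. The chain continues outside this hunk, so that could not be checked. A host that is still on jessie, or on a release newer than the last listed one, would then get a uwsgi.ini without a Python 3 plugin and the problem would only show up when the service starts. Consider validating `debian_version` before the template is rendered, for instance with an `assert` task in the role, so that an unsupported release stops the play with a clear message.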
@@ -1,72 +1,67 @@ -{% set always="always" %} -{% if ansible_facts.distribution_major_version is version('9', '<') %} - {# nginx in jessie does not support always #} - {% set always="" %} -{% endif %} {% if server.http_forward|default(true) %} - add_header Strict-Transport-Security "max-age=15768000" {{always}}; + add_header Strict-Transport-Security "max-age=15768000" always; {% endif %} {% if server.xss_protect|default(true) %} - add_header X-XSS-Protection "1; mode=block" {{always}}; + add_header X-XSS-Protection "1; mode=block" always; {% endif %} {% if server.no_sniff|default(true) %} - add_header X-Content-Type-Options "nosniff" {{always}}; + add_header X-Content-Type-Options "nosniff" always; {% endif %} {% if server.referrer_policy|default(true) %} {% if server.referrer_policy is defined %} - add_header Referrer-Policy "{{ server.referrer_policy }}" {{always}}; + add_header Referrer-Policy "{{ server.referrer_policy }}" always; {% else %} - add_header Referrer-Policy "same-origin" {{always}}; + add_header Referrer-Policy "same-origin" always; {% endif %} {% endif %} {% if server.expect_ct|default(true) %} {% if server.expect_ct is defined %} - add_header Expect-CT "{{ server.expect_ct }}" {{always}}; + add_header Expect-CT "{{ server.expect_ct }}" always; {% else %} - add_header Expect-CT "max-age=86400, enforce" {{always}}; + add_header Expect-CT "max-age=86400, enforce" always; {% endif %} {% endif %} {% if server.cors|default(false) %} {% if server.cors is defined %} - add_header Access-Control-Allow-Origin "{{ server.cors }}" {{always}}; + add_header Access-Control-Allow-Origin "{{ server.cors }}" always; {% else %} - add_header Access-Control-Allow-Origin "'*'" {{always}}; + add_header Access-Control-Allow-Origin "'*'" always; {% endif %} {% if not server.no_sniff|default(true) %} - add_header X-Content-Type-Options "nosniff" {{always}}; + add_header X-Content-Type-Options "nosniff" always; {% endif %} {% if not server.csp|default(true) %} - add_header 
Content-Security-Policy "default-src 'none'; frame-ancestors 'none'" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'" always; + add_header X-Frame-Options "DENY" always; {% endif %} {% endif %} {% if server.csp|default(true) %} {% if server.csp is defined and server.csp == 'self' %} - add_header Content-Security-Policy "object-src 'none'; default-src 'self'; frame-ancestors 'none'; block-all-mixed-content" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "object-src 'none'; default-src 'self'; frame-ancestors 'none'; block-all-mixed-content" always; + add_header X-Frame-Options "DENY" always; {% elif server.csp is defined %} {% if 'frame-ancestors' in server.csp %} {% if server.csp['frame-ancestors'] == "'self'" %} - add_header X-Frame-Options "SAMEORIGIN" {{always}}; + add_header X-Frame-Options "SAMEORIGIN" always; {% else %} - add_header X-Frame-Options "DENY" {{always}}; + add_header X-Frame-Options "DENY" always; {% endif %} {% else %} - add_header X-Frame-Options "DENY" {{always}}; + add_header X-Frame-Options "DENY" always; {% set x=server.csp.__setitem__("frame-ancestors", "'none'") %} {% endif %} {% set directives = [] %} {% for key, value in server.csp.items() %} {{ directives.append(key ~ ' ' ~ value) }} {% endfor %} - add_header Content-Security-Policy "{{ directives|join('; ') }}" {{always}}; + add_header Content-Security-Policy "{{ directives|join('; ') }}" always; {% else %} - add_header Content-Security-Policy "object-src 'self'; default-src 'self' data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "object-src 'self'; default-src 'self' data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'" always; + add_header X-Frame-Options "DENY" always; {% endif %} {% endif %} 
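Review bot: In the `server.cors` block of site-security the `{% else %}` branch cannot be reached, because the outer test `server.cors|default(false)` is only true when `server.cors` is defined, so the inner `server.cors is defined` always holds. The value in that branch, `"'*'"`, would also send the single quotes as part of the header value, which is not a valid Access-Control-Allow-Origin. A boolean `cors: true` falls into the first branch and is rendered as the text `True`; the same applies to `referrer_policy: true` and `expect_ct: true` in the blocks above. I would change the inner test to `{% if server.cors is string %}` and drop the wildcard branch, so that the CORS header is only ever emitted for an explicitly named origin. Separately, the fallback policy at the end of the file allows `'unsafe-inline'` and `'unsafe-eval'` in `default-src`, which deserves a template comment saying why that default was chosen.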
diff --git a/wordpress/tasks/main.yml b/wordpress/tasks/main.yml index 6137765b072362241ea969cdbdbba7c6bf2e32d5..bdd60541b6353cbd609e3c96bc674fceb8bd298a 100644 --- a/wordpress/tasks/main.yml +++ b/wordpress/tasks/main.yml @@ -17,18 +17,6 @@ name: wordpress state: present install_recommends: false - default-release: jessie-backports - when: debian_version == 'jessie' - tags: - - wordpress - - webservices - -- name: ensure the wordpress package is installed - apt: - name: wordpress - state: present - install_recommends: false - when: debian_version != 'jessie' tags: - wordpress - webservices diff --git a/wordpress/tasks/mysql.yml b/wordpress/tasks/mysql.yml index 005f286766038afab1178166a805d81b5cb7f921..a3616c3022ed36e03d0e080dc832bcfe925e5e2f 100644 --- a/wordpress/tasks/mysql.yml +++ b/wordpress/tasks/mysql.yml @@ -1,20 +1,10 @@ --- # file: wordpress/tasks/mysql.yml - -- name: ensure php can talk with mysql - apt: - name: php5-mysql - state: present - when: debian_version == 'jessie' - tags: - - wordpress - - webservices - +# - name: ensure php can talk with mysql apt: name: php-mysql state: present - when: debian_version == 'stretch' tags: - wordpress - webservices
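Review bot: The line added in wordpress/tasks/mysql.yml appears to be a bare `#` directly under the `# file:` comment, taking the place of the blank line that was removed. The hunk is collapsed in this view, so that reading is inferred from the line counts in the hunk header. mediawiki/tasks/mysql.yml keeps a blank line in the same position. If the `#` is not intentional, replace it with an empty line so the task files stay uniform.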