From f919ced4b2b2eac1fcbeb32c5f2bc2f8be9f1838 Mon Sep 17 00:00:00 2001 From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de> Date: Thu, 3 Dec 2020 20:17:24 +0100 Subject: [PATCH] Remove jessie references jessie is EOL, remove it --- mediawiki/tasks/main.yml | 13 +-------- mediawiki/tasks/mysql.yml | 12 +------- mediawiki/tasks/postgres.yml | 12 +------- php-fpm/tasks/main.yml | 1 - uwsgi-python/templates/uwsgi.ini.j2 | 4 +-- webserver/templates/site-security | 45 +++++++++++++---------------- wordpress/tasks/main.yml | 12 -------- wordpress/tasks/mysql.yml | 12 +------- 8 files changed, 25 insertions(+), 86 deletions(-) diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml index d15c41d..d1f5d41 100644 --- a/mediawiki/tasks/main.yml +++ b/mediawiki/tasks/main.yml @@ -1,21 +1,10 @@ --- # file: mediawiki/tasks/main.yml -- name: ensure packages for mediawiki are installed on jessie +- name: ensure packages for mediawiki are installed apt: name: mediawiki state: present - install_recommends: false - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure packages for mediawiki are installed on stretch - apt: - name: mediawiki - state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/mediawiki/tasks/mysql.yml b/mediawiki/tasks/mysql.yml index e43ac8e..8f788d6 100644 --- a/mediawiki/tasks/mysql.yml +++ b/mediawiki/tasks/mysql.yml @@ -1,20 +1,10 @@ --- # file: mediawiki/tasks/mysql.yml -- name: ensure php can talk with mysql on jessie - apt: - name: php5-mysql - state: present - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure php can talk with mysql on stretch +- name: ensure php can talk with mysql apt: name: php-mysql state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml index 737cef5..f4fd6d6 100644 --- a/mediawiki/tasks/postgres.yml 
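Review bot: The merged `ensure packages for mediawiki are installed` task no longer sets `install_recommends: false`; only the removed jessie variant carried it, while the wordpress install task later in this patch still keeps it. If pulling in recommended packages on stretch was not a deliberate choice, adding `install_recommends: false` to the merged task keeps the installed package set minimal and consistent across the web roles. If recommends are needed, a short comment such as `# recommends required: <reason>` above the task would document the difference. The task file continues outside the hunk.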
+++ b/mediawiki/tasks/postgres.yml @@ -1,20 +1,10 @@ --- # file: mediawiki/tasks/postgres.yml -- name: ensure php can talk with postgres on jessie - apt: - name: php5-pgsql - state: present - when: debian_version == "jessie" - tags: - - mediawiki - - webservices - -- name: ensure php can talk with postgres on stretch +- name: ensure php can talk with postgres apt: name: php-pgsql state: present - when: debian_version == "stretch" tags: - mediawiki - webservices diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml index f08d6df..2d70ff5 100644 --- a/php-fpm/tasks/main.yml +++ b/php-fpm/tasks/main.yml @@ -45,7 +45,6 @@ owner: root group: root mode: '0644' - when: debian_version != "jessie" with_items: "{{ fpm_pools|default([]) }}" notify: - restart php-fpm diff --git a/uwsgi-python/templates/uwsgi.ini.j2 b/uwsgi-python/templates/uwsgi.ini.j2 index e03ebee..8686c8d 100644 --- a/uwsgi-python/templates/uwsgi.ini.j2 +++ b/uwsgi-python/templates/uwsgi.ini.j2 @@ -44,9 +44,7 @@ log-x-forwarded-for = {% if app_python_version == 2 %} plugin = python27 {% elif app_python_version == 3 %} -{% if debian_version == "jessie" %} -plugin = python34 -{% elif debian_version == "stretch" %} +{% if debian_version == "stretch" %} plugin = python35 {% elif debian_version == "buster" %} plugin = python37 diff --git a/webserver/templates/site-security b/webserver/templates/site-security index 63752fc..4d7a0aa 100644 --- a/webserver/templates/site-security +++ b/webserver/templates/site-security 
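Review bot: With the jessie branch removed, the Python 3 plugin selection in `uwsgi.ini.j2` only matches `stretch` and `buster`, and the end of the `{% if %}` chain lies outside the hunk, so it is not visible whether any other `debian_version` still gets a `plugin =` line. If there is no `{% else %}`, a host on an unlisted release would render a config without a Python plugin and fail only when uwsgi starts. A pre-flight task in the role, for example `assert: that: debian_version in ['stretch', 'buster']`, would surface this at deploy time instead.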
@@ -1,72 +1,67 @@ -{% set always="always" %} -{% if ansible_facts.distribution_major_version is version('9', '<') %} - {# nginx in jessie does not support always #} - {% set always="" %} -{% endif %} {% if server.http_forward|default(true) %} - add_header Strict-Transport-Security "max-age=15768000" {{always}}; + add_header Strict-Transport-Security "max-age=15768000" always; {% endif %} {% if server.xss_protect|default(true) %} - add_header X-XSS-Protection "1; mode=block" {{always}}; + add_header X-XSS-Protection "1; mode=block" always; {% endif %} {% if server.no_sniff|default(true) %} - add_header X-Content-Type-Options "nosniff" {{always}}; + add_header X-Content-Type-Options "nosniff" always; {% endif %} {% if server.referrer_policy|default(true) %} {% if server.referrer_policy is defined %} - add_header Referrer-Policy "{{ server.referrer_policy }}" {{always}}; + add_header Referrer-Policy "{{ server.referrer_policy }}" always; {% else %} - add_header Referrer-Policy "same-origin" {{always}}; + add_header Referrer-Policy "same-origin" always; {% endif %} {% endif %} {% if server.expect_ct|default(true) %} {% if server.expect_ct is defined %} - add_header Expect-CT "{{ server.expect_ct }}" {{always}}; + add_header Expect-CT "{{ server.expect_ct }}" always; {% else %} - add_header Expect-CT "max-age=86400, enforce" {{always}}; + add_header Expect-CT "max-age=86400, enforce" always; {% endif %} {% endif %} {% if server.cors|default(false) %} {% if server.cors is defined %} - add_header Access-Control-Allow-Origin "{{ server.cors }}" {{always}}; + add_header Access-Control-Allow-Origin "{{ server.cors }}" always; {% else %} - add_header Access-Control-Allow-Origin "'*'" {{always}}; + add_header Access-Control-Allow-Origin "'*'" always; {% endif %} {% if not server.no_sniff|default(true) %} - add_header X-Content-Type-Options "nosniff" {{always}}; + add_header X-Content-Type-Options "nosniff" always; {% endif %} {% if not server.csp|default(true) %} - add_header 
Content-Security-Policy "default-src 'none'; frame-ancestors 'none'" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'" always; + add_header X-Frame-Options "DENY" always; {% endif %} {% endif %} {% if server.csp|default(true) %} {% if server.csp is defined and server.csp == 'self' %} - add_header Content-Security-Policy "object-src 'none'; default-src 'self'; frame-ancestors 'none'; block-all-mixed-content" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "object-src 'none'; default-src 'self'; frame-ancestors 'none'; block-all-mixed-content" always; + add_header X-Frame-Options "DENY" always; {% elif server.csp is defined %} {% if 'frame-ancestors' in server.csp %} {% if server.csp['frame-ancestors'] == "'self'" %} - add_header X-Frame-Options "SAMEORIGIN" {{always}}; + add_header X-Frame-Options "SAMEORIGIN" always; {% else %} - add_header X-Frame-Options "DENY" {{always}}; + add_header X-Frame-Options "DENY" always; {% endif %} {% else %} - add_header X-Frame-Options "DENY" {{always}}; + add_header X-Frame-Options "DENY" always; {% set x=server.csp.__setitem__("frame-ancestors", "'none'") %} {% endif %} {% set directives = [] %} {% for key, value in server.csp.items() %} {{ directives.append(key ~ ' ' ~ value) }} {% endfor %} - add_header Content-Security-Policy "{{ directives|join('; ') }}" {{always}}; + add_header Content-Security-Policy "{{ directives|join('; ') }}" always; {% else %} - add_header Content-Security-Policy "object-src 'self'; default-src 'self' data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'" {{always}}; - add_header X-Frame-Options "DENY" {{always}}; + add_header Content-Security-Policy "object-src 'self'; default-src 'self' data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'" always; + add_header X-Frame-Options "DENY" always; {% endif %} {% endif %} 
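Review bot: The `{% else %}` branch under `{% if server.cors|default(false) %}` can never render, because the outer test is only true when `server.cors` is defined. If it did render, `"'*'"` would send the value `'*'` with literal quotes, which browsers do not accept as the wildcard origin. Consider dropping the inner `is defined` test and keeping only `add_header Access-Control-Allow-Origin "{{ server.cors }}" always;`, with a comment that `cors: true` renders as `True` and an explicit origin string is required. Since `always` is now unconditional, this header is also attached to error responses, so the configured origin deserves a per-site check. Separately, the fallback policy at the end of the hunk allows `'unsafe-inline'` and `'unsafe-eval'` in `default-src`, which leaves little script-injection protection for sites that do not set `server.csp`; a comment stating that this default is a compatibility baseline would help.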
diff --git a/wordpress/tasks/main.yml b/wordpress/tasks/main.yml index 6137765..bdd6054 100644 --- a/wordpress/tasks/main.yml +++ b/wordpress/tasks/main.yml @@ -17,18 +17,6 @@ name: wordpress state: present install_recommends: false - default-release: jessie-backports - when: debian_version == 'jessie' - tags: - - wordpress - - webservices - -- name: ensure the wordpress package is installed - apt: - name: wordpress - state: present - install_recommends: false - when: debian_version != 'jessie' tags: - wordpress - webservices diff --git a/wordpress/tasks/mysql.yml b/wordpress/tasks/mysql.yml index 005f286..a3616c3 100644 --- a/wordpress/tasks/mysql.yml +++ b/wordpress/tasks/mysql.yml @@ -1,20 +1,10 @@ --- # file: wordpress/tasks/mysql.yml - -- name: ensure php can talk with mysql - apt: - name: php5-mysql - state: present - when: debian_version == 'jessie' - tags: - - wordpress - - webservices - +# - name: ensure php can talk with mysql apt: name: php-mysql state: present - when: debian_version == 'stretch' tags: - wordpress - webservices -- GitLab