From dcff10f6f84d03c5f15cfa29cd4698cdcb365bd3 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Fri, 22 Mar 2019 16:31:45 +0100
Subject: [PATCH] Simplify setting usage in regenconf hooks
---
 data/hooks/conf_regen/03-ssh | 5 +----
 data/hooks/conf_regen/15-nginx | 6 +-----
 data/templates/nginx/plain/yunohost_admin.conf | 2 +-
 data/templates/nginx/server.tpl.conf | 2 +-
 data/templates/ssh/sshd_config | 2 +-
 5 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/data/hooks/conf_regen/03-ssh b/data/hooks/conf_regen/03-ssh
index 0b58a461c..265c2f746 100755
--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@@ -24,13 +24,10 @@ do_pre_regen() {
 fi
 # Support different strategy for security configurations
- if [[ -n "$(yunohost settings get 'service.ssh.compatibility')" ]]; then
- ssh_ciphers_compatibility="$(yunohost settings get 'service.ssh.compatibility')"
- fi
+ export compatibility="$(yunohost settings get 'service.ssh.compatibility')"
 export ssh_keys
 export ipv6_enabled
- export ssh_ciphers_compatibility
 ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
 }
diff --git a/data/hooks/conf_regen/15-nginx b/data/hooks/conf_regen/15-nginx
index 57446c081..60e719743 100755
--- a/data/hooks/conf_regen/15-nginx
+++ b/data/hooks/conf_regen/15-nginx
@@ -37,11 +37,7 @@ do_pre_regen() {
 domain_list=$(sudo yunohost domain list --output-as plain --quiet)
 # Support different strategy for security configurations
- if [[ -n "$(yunohost settings get 'security.nginx.compatibility')" ]]; then
- security_ciphers_compatibility="$(yunohost settings get 'security.nginx.compatibility')"
- fi
-
- export security_ciphers_compatibility
+ export compatibility="$(yunohost settings get 'security.nginx.compatibility')"
 # add domain conf files
 for domain in $domain_list; do
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 71ad22545..c785a63c4 100644
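Review bot: The added `export compatibility="$(yunohost settings get 'service.ssh.compatibility')"` masks the lookup's exit status (the line's status is that of `export`), so a failing `yunohost settings get` leaves `compatibility` empty and the rendered sshd_config silently takes its non-"intermediate" branch instead of failing the regen. The guard it replaces also had a side effect the new line drops: on an empty lookup the old code left any already-exported `ssh_ciphers_compatibility` untouched, whereas the variable is now unconditionally overwritten — probably intended, but worth a line in the commit message. Split the assignment so the status is actually checked: `compatibility="$(yunohost settings get 'service.ssh.compatibility')" || exit 1` followed by `export compatibility`. Whether this hook runs under `set -e` is not visible here, and `set -e` would not catch this form anyway. do_pre_regen starts before this hunk.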
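Review bot: In the new `export compatibility="$(yunohost settings get 'security.nginx.compatibility')"` a failed lookup is indistinguishable from an unset setting: the value comes back empty, `compatibility == "modern"` is false in server.tpl.conf and yunohost_admin.conf, and every vhost is rendered with the wider default cipher profile without any error being raised. Note that the context line above runs `sudo yunohost domain list` while this lookup runs without sudo, so if the hook is ever invoked unprivileged the settings call is the one that would fail — I cannot confirm the hook's privilege level from this hunk. Check the status explicitly before exporting: `compatibility="$(yunohost settings get 'security.nginx.compatibility')" || exit 1` then `export compatibility`. do_pre_regen continues past the end of this hunk.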
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -20,7 +20,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
- {% if security_ciphers_compatibility == "modern" %}
+ {% if compatibility == "modern" %}
 # Ciphers with modern compatibility
 # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
 # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index b25e38faa..26bc78b39 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -29,7 +29,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
- {% if security_ciphers_compatibility == "modern" %}
+ {% if compatibility == "modern" %}
 # Ciphers with modern compatibility
 # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
 # The following configuration use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
diff --git a/data/templates/ssh/sshd_config b/data/templates/ssh/sshd_config
index f27ca3ebe..8dc0e8dfc 100644
--- a/data/templates/ssh/sshd_config
+++ b/data/templates/ssh/sshd_config
@@ -15,7 +15,7 @@ HostKey {{ key }}{% endfor %}
 # https://infosec.mozilla.org/guidelines/openssh
 # ##############################################
-{% if ssh_ciphers_compatibility == "intermediate" %}
+{% if compatibility == "intermediate" %}
 KexAlgorithms diffie-hellman-group-exchange-sha256
 Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 MACs hmac-sha2-512,hmac-sha2-256