diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c783900
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+
+ yaml-lint:
+ name: YAML Lint
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Fetch code
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip3 install yamllint
+
+ - name: Lint code.
+ run: |
+ yamllint .
+
+ ansible-lint:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Fetch code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint-action@v6.15.0
diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
new file mode 100644
index 0000000..6ccf841
--- /dev/null
+++ b/.github/workflows/galaxy.yml
@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+ - push
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: galaxy
+ uses: robertdebock/galaxy-action@1.2.0
+ with:
+ galaxy_api_key: ${{ secrets.galaxy_api_key }}
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
new file mode 100644
index 0000000..3945931
--- /dev/null
+++ b/.github/workflows/molecule.yml
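Review bot: Neither job in ci.yml declares a `permissions:` block, so both lint jobs run with whatever default GITHUB_TOKEN scope the repository is configured with; a top-level `permissions:` containing only `contents: read` is enough for checkout plus linting. The same block is missing from galaxy.yml and molecule.yml added in this commit. In the `Install test dependencies.` step, `pip3 install yamllint` installs whatever release is current at run time; pinning it (`pip3 install yamllint==<version>`) keeps lint results reproducible and narrows what a bad upload could reach.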
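Review bot: In galaxy.yml, `'on': - push` runs the Galaxy deploy job on every push to any branch or tag, and the `galaxy` step hands `secrets.galaxy_api_key` to `robertdebock/galaxy-action@1.2.0`, a third-party action referenced by a movable tag. Restricting the trigger (for example `push:` with a `tags:` or `branches: [master]` filter) and pinning the action to a full commit SHA, `uses: robertdebock/galaxy-action@<full-commit-sha>  # 1.2.0`, limits both when the key is exposed and to which code. `ansible/ansible-lint-action@v6.15.0` in ci.yml and `gofrolist/molecule-action@v2.3.19` in molecule.yml are tag-pinned the same way, though they receive no secret in the visible lines.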
@@ -0,0 +1,36 @@ +--- + +name: Molecule + +'on': + pull_request: + push: + branches: + - master + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + scenario: + - debian-10 + - debian-11 + - debian-12 + - ubuntu-18.04 + - ubuntu-20.04 + - ubuntu-22.04 + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + path: "${{ github.repository }}" + + - name: Molecule + uses: gofrolist/molecule-action@v2.3.19 + with: + molecule_options: --base-config molecule/_shared/base.yml + molecule_args: --scenario-name ${{ matrix.scenario }} + molecule_working_dir: "HanXHX/ansible-nginx" diff --git a/README.md b/README.md index e99b022..a130b2b 100644 --- a/README.md +++ b/README.md @@ -20,14 +20,15 @@ Features: Supported OS: -| OS | Working | Stable (active support) | -| -------------------- | ------- | ----------------------- | +| OS | Working | Stable (active support) | +|----------------------|---------|------------------------------------------------------------------------------------------------------| | Debian Jessie (8) | Yes | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) | | Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) | -| Debian Buster (10) | Yes | Yes | -| Debian Bullseye (11) | Yes | Yes | -| FreeBSD 11 | Yes | No | -| FreeBSD 12 | Yes | No | +| Debian Buster (10) | Yes | Yes | +| Debian Bullseye (11) | Yes | Yes | +| Debian Bookworm (12) | Yes | No | +| FreeBSD 11 | NA | No | +| FreeBSD 12 | NA | No | Requirements ------------ diff --git a/handlers/main.yml b/handlers/main.yml index 103e24f..9fabcab 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
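Review bot: In the Molecule workflow the checkout step uses `path: "${{ github.repository }}"`, but `molecule_working_dir` is the literal `"HanXHX/ansible-nginx"`, so in a fork or after a repository rename the code is checked out into a directory Molecule never enters. Writing `molecule_working_dir: "${{ github.repository }}"` keeps the two values in step. `molecule_args: --scenario-name ${{ matrix.scenario }}` is fine as long as the matrix stays a static list as it is here.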
@@ -1,42 +1,14 @@ --- -- name: Reload nginx # noqa: no-changed-when - ansible.builtin.command: nginx -t - notify: - - Real-reload nginx - - Docker reload nginx - -- name: Restart nginx # noqa: no-changed-when - ansible.builtin.command: nginx -t - notify: - - Real-restart nginx - - Docker restart nginx - -- name: Real-reload nginx +- name: Reload nginx ansible.builtin.service: name: nginx state: reloaded - when: ansible_virtualization_type != 'docker' -- name: Real-restart nginx +- name: Restart nginx ansible.builtin.service: name: nginx state: restarted - when: ansible_virtualization_type != 'docker' - -- name: Docker reload nginx # noqa: no-changed-when command-instead-of-module - ansible.builtin.command: service nginx reload - when: ansible_virtualization_type == 'docker' - -- name: Docker restart nginx # noqa: no-changed-when command-instead-of-module - ansible.builtin.command: service nginx restart - when: ansible_virtualization_type == 'docker' - -- name: Restart nginx freebsd - ansible.builtin.service: - name: nginx - state: restarted - when: ansible_distribution == "FreeBSD" - name: Setup ansible.builtin.setup: diff --git a/meta/main.yml b/meta/main.yml index d8bfb16..ba077fb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -13,6 +13,7 @@ galaxy_info: versions: - buster - bullseye + - bookworm - name: FreeBSD versions: - '11.0' diff --git a/molecule/_shared/Dockerfile.j2 b/molecule/_shared/Dockerfile.j2 new file mode 100644 index 0000000..ca98098 --- /dev/null +++ b/molecule/_shared/Dockerfile.j2 
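Review bot: With the `nginx -t` handlers removed, `Restart nginx` now restarts the service with no configuration test in front of it, so a badly rendered site file stops nginx rather than being rejected while the old process keeps serving. The tasks in tasks/site.yml now notify `Reload nginx` directly, and the visible hunks show no `validate:` on them, so nothing appears to check the config before a handler fires. I'd keep a check ahead of the service call, e.g. a handler running `ansible.builtin.command: nginx -t` with `changed_when: false` that then notifies the restart. The handlers file continues below this hunk (`Setup`), so there may be context I can't see.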
@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+ apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+ && apt-get clean
\ No newline at end of file
diff --git a/molecule/_shared/base.yml b/molecule/_shared/base.yml
new file mode 100644
index 0000000..0101203
--- /dev/null
+++ b/molecule/_shared/base.yml
@@ -0,0 +1,39 @@
+---
+
+scenario:
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - destroy
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./molecule/_shared/requirements.yml
+ role-file: ./molecule/_shared/requirements.yml
+driver:
+ name: docker
+role_name_check: 1
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
+ config_options:
+ defaults:
+ deprecation_warnings: false
+ callback_whitelist: timer,profile_tasks
+ fact_caching: jsonfile
+ fact_caching_connection: ./cache
+ forks: 100
+ connection:
+ pipelining: true
+ playbooks:
+ converge: ../_shared/converge.yml
+ prepare: ../_shared/prepare.yml
+ verify: ../_shared/verify.yml
+verifier:
+ name: ansible
diff --git a/molecule/_shared/converge.yml b/molecule/_shared/converge.yml
new file mode 100644
index 0000000..7f830f0
--- /dev/null
+++ b/molecule/_shared/converge.yml
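Review bot: In base.yml, `callback_whitelist: timer,profile_tasks` uses the old option name that ansible-core has deprecated in favour of `callbacks_enabled`, and `deprecation_warnings: false` in the same `defaults` block hides the warning that would point this out. I'd write `callbacks_enabled: timer,profile_tasks` and leave deprecation warnings on for CI, so the test configuration does not silently stop loading the callbacks on a newer ansible-core. `forks: 100` also looks high for single-container scenarios, though it should be harmless.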
@@ -0,0 +1,20 @@
+---
+
+- name: Converge
+ hosts: all
+ gather_facts: true
+ vars_files:
+ - vars/misc.yml
+ vars:
+ nginx_debug_role: true
+ tasks:
+ - name: SHELL | Get ngrok public address
+ ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
+ args:
+ executable: /bin/bash
+ register: ngrok
+ changed_when: false
+
+ - name: Include role
+ ansible.builtin.include_role:
+ name: "hanxhx.nginx"
diff --git a/molecule/_shared/file/test.crt b/molecule/_shared/file/test.crt
new file mode 100644
index 0000000..363d156
--- /dev/null
+++ b/molecule/_shared/file/test.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgWgAwIBAgIJAJzUwbFlhyxIMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
+BAMMGnRlc3Qtc3NsLXByZWRlcGxveWVkLmxvY2FsMB4XDTE2MDExMjE2MDUxNVoX
+DTI2MDEwOTE2MDUxNVowJTEjMCEGA1UEAwwadGVzdC1zc2wtcHJlZGVwbG95ZWQu
+bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm4q94vffiU89G
+GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
+L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
+d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
+xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
+PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
+9iPxkkRNAgMBAAGjUDBOMB0GA1UdDgQWBBSzXW5UY02/S0xrrobZCVOhas6VeDAf
+BgNVHSMEGDAWgBSzXW5UY02/S0xrrobZCVOhas6VeDAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQC0+Tr0w9aG4f3LG3+WRGKfMopKICNEkA7JrPrvVUq8
+7UgtdrpOUZAL5AKxVVo1rHDdoL/VpjdqHdhyPzaSUl8hppCFsWmdQh4wLKGoyvcN
+AqSGpXTeLSoFJ357F2OIQpXm2lfT2fVGebwyCNFkwpp7klFnmOusSl2/v5Y5cz+A
+WvWrDg3jsNglx3mNLVcjbOSnen2PsZSmcVo27D0el6oDju8jjstyJ+Dvu0WP+CDL
+s/VolFdbei7d4r2dj86OZ/BCZurltyc0wI3NMOdUuA7q4f1MPTRu7qr/ua5ItK92
+Avc+Gjn/Y/aIhzKpPicJQDK6FzxjfhCc8xtk0EjB4IpP
+-----END CERTIFICATE-----
diff --git a/molecule/_shared/file/test.key b/molecule/_shared/file/test.key
new file mode 100644
index 0000000..7fbe267
--- /dev/null
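Review bot: The `SHELL | Get ngrok public address` task in converge.yml does not fail when the API answers but the `command_line` tunnel is missing: curl is run without `-f` and with stderr discarded, and `jq -r '.public_url'` prints `null` with exit status 0 when the key is absent, so `ngrok.stdout` can come back as `null` or empty. vars/misc.yml then uses `{{ ngrok.stdout }}` as an ACME certificate name and as a site name. Using `jq -er '.public_url'` (non-zero exit on null) or adding `failed_when: ngrok.stdout in ['', 'null']` stops the play at the real cause instead of at a confusing certificate error later. verify.yml repeats the same task verbatim and needs the same change.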
+++ b/molecule/_shared/file/test.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDm4q94vffiU89G
+GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
+L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
+d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
+xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
+PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
+9iPxkkRNAgMBAAECggEAEEeZkczrRpUcP1gQuKEZbFMJFqUhevKkk+V6JAN1pGje
+GK65j1ZFNX2nBo9Hetvsq5doYidvOat+RuMpAvbQIDlBoBzJDN8YWiC7UoAocm9q
+VOdrr4btEO13MogQRuefH/xE8/vMGfKcBvFFNDw6UvxJQ7hVRIWPECf7sLj/vPOC
+OpMKghxcabQqidMPKyyHVPhQjuIvqW/SqBFpD+Ul0Ja1QGdx+p+/EwVmXnei6Kr8
+/ypULreHqIlBLD6McfFehxDV0m5U7qXb5xK3zdUurIhZixKLjbdRrorNInfEvlOh
+vDy+hsF5GSzvn9dRrMAy/QcRPpXU47VNYZ5BfdCBTQKBgQD8VCbdpG5siXSlIjZd
+xypgK1ttp8udTPWC1trnAc+Ku9O+cGmvABxYJA1iR/GDpSfMxglB7OhSecywKrr+
+S7Yjs9e/dyBmvF7U15JJaGp+db2Ct64z7MvqkwSJ5a0qrrZJRFetDdqdH9FPvURs
+B147jbKsPiGcljjXbZlOBHJH9wKBgQDqPqoA3VqYOmvR7Ei8/skY2EOpFpOhSNko
+ARFwUsDNHRk677URH97TCHq5UrwubfCeIcIptXHrMfaTsfq8vPLPykReIMRaknxf
+DULJPHSoeBLrCAZmaWF1JVyYhrLhHNAzQ3u7a/kYIJm87FEZy3Ml6FSZmIGbRBqx
+zqZYKoHs2wKBgQD469tbk7cLg556uYGAidYYAS20w29uwlkAtgxFD9g6OIjuud7I
+MQfFO+uoJOjwwaC9ti+zxY56roVq1PybmP0Zw3T3AQIJ15KFzhQWLte/4U8PATzt
+JJEV2+sCTn3COZDCPpVvttcPYjAOxdwV5j7j6Sl2GeT2oIt6mjg+asyCiQKBgQDk
+LPxu8TBRfv8OMqs8Jrf/EpL9/7b48bxOwpOZJZMXelPcXCm1r6TfTrA1HAmg9Ijh
+kKLQ/CUm5Ll7b3B+L1Qa4r2sLyD11SF/eaxn2BMPFD/hYCTT160ObsF+9h8DN4z7
+kq3RiMDRJth69nuds9fLwj++ipcdhr62G0VgNq/u5wKBgCz/I5J3tPNjrU9YampR
+0gNnUkUfJWbiVMsG9uwL9l0L/ZzQHvELJ523QXQ0v/e/szHCyoX319u8HEQlC0Jw
+Twlj81HDZzruDUB/mcH6Ee3zHKOmmF6ma+CgoYJJElKW89MUttPdmkH2J1QqLz+7
+EGREwqjr8/wm22DzKNiyDXJ0
+-----END PRIVATE KEY-----
diff --git a/molecule/_shared/prepare.yml b/molecule/_shared/prepare.yml
new file mode 100644
index 0000000..2ee9e0e
--- /dev/null
+++ b/molecule/_shared/prepare.yml
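Review bot: test.key commits an unencrypted private key, and vars/misc.yml embeds a second one inline, yet nothing in the file or its path says the material is test-only. A short README next to `molecule/_shared/file/` or a comment on the deploy task in pre_common.yml should state that the pair exists only for `test-ssl-predeployed.local` inside the Molecule containers, and an allowlist entry for whichever secret scanner the repository uses would prevent recurring alerts. Generating the pair during prepare.yml would avoid storing key material at all, and would also stop the fixture from breaking when the committed certificate reaches its fixed expiry.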
@@ -0,0 +1,15 @@
+---
+
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ vars_files:
+ - vars/misc.yml
+
+ tasks:
+
+ - name: INCLUDE_TASKS | Pre tasks related to OS
+ ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_distribution }}.yml"
+
+ - name: INCLUDE_TASKS | Pre_tasks common
+ ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml"
diff --git a/molecule/_shared/requirements.yml b/molecule/_shared/requirements.yml
new file mode 100644
index 0000000..0ecfd59
--- /dev/null
+++ b/molecule/_shared/requirements.yml
@@ -0,0 +1,6 @@
+---
+
+roles:
+ - name: hanxhx.php
+
+collections: []
diff --git a/molecule/_shared/templates/custom_template.conf.j2 b/molecule/_shared/templates/custom_template.conf.j2
new file mode 100644
index 0000000..9c19619
--- /dev/null
+++ b/molecule/_shared/templates/custom_template.conf.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }} - custom template
+
+server {
+ listen 80;
+ listen 8888 http2;
+ listen 9999 http2 proxy_protocol;
+ server_name {{ item.name }};
+
+ index index.html index.htm;
+
+ root {{ item.root }};
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/molecule/_shared/vars/misc.yml b/molecule/_shared/vars/misc.yml
new file mode 100644
index 0000000..baecfc6
--- /dev/null
+++ b/molecule/_shared/vars/misc.yml
@@ -0,0 +1,259 @@ +--- + +# Force SysVinit, since systemd won't work in a Docker container +ansible_service_mgr: "sysvinit" + +# ---------------------------------------- +# Copied from {role_dir}/tests/group_vars/all.yml +# ---------------------------------------- + +# Internal vars +int_ansible_ssl_dir: '/etc/ansible-ssl' +# Role vars +nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number +nginx_apt_package: 'nginx-extras' +nginx_module_packages: ['libnginx-mod-http-headers-more-filter'] +nginx_custom_core: + - 'worker_rlimit_nofile 4242;' + +nginx_upstreams: + - name: 'test' + servers: + - path: '127.0.0.1:80' + max_conns: 150 + weight: 10 + down: false + - name: 'test-absent' + servers: + - path: '127.0.0.1:80' + max_conns: 150 + weight: 10 + down: false + state: 'absent' + +nginx_htpasswd: + - name: 'hello' + description: 'Please login!' + users: + - name: 'hx' + password: 'asdfg' + state: 'absent' + - name: 'hanx' + password: 'qwerty' + - name: 'deleteme' + description: 'Please login!' 
+ users: [] + state: 'absent' + +nginx_acmesh: true +nginx_acmesh_test: true + +nginx_ssl_pairs: + - name: '{{ ngrok.stdout }}' + acme: true + - name: 'test-ssl-selfsigned.local' + self_signed: true + force: false + - name: + - 'test-ssl-predeployed.local' + - 'test-multiple-name.local' # Hack: tests for acme with multiple name, without using acme + dest_key: "{{ int_ansible_ssl_dir }}/test.key" + dest_cert: "{{ int_ansible_ssl_dir }}/test.crt" + - name: 'test-ssl.local' + key: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAvavrJWFp3Al2VwRgKx+4Y2mbRRvoxvyd2pyN0xMJ/tCJscaG + 8s60v6WZ9FcCOeMkSI2DXsk4z7pbQdQn0h2GDr/5MOJkPAVWSWEN46tpaLZ3v0zp + 88ZIbnEk1G0PsdFuW/pnLsakPlAMrl1VArFsV6YsatLt30UIYYcRO97StkoOehCx + A5w+XqtfHZeQZ0/DS81633gwYUcMuSTUFZ60r7ge1/m77DTSKg3rTVk5sebP8cjS + +aWHvxP/GyvvDsT+3gjRJx2/5O3JkfH0zaOsaU2Avj0PR0c5rhynrNO/l1k+GJJB + cbBrM+yA8Ofzp4oXUrCfaIq3RuL3Pd+khcKsiwIDAQABAoIBAQCPpAMQ7BUfbosQ + m1+5SOx7XR8Z12kSSX3CcY12rJSFRakB2TeZ6rE38lIFmV82N67iw0kaH4nGx3sU + /3aoyXMc+IXfX5RJYEFYkQfTw5ywkH9fgQAsfZ2dBlK+DVo1cEYDoj9CTW1VQ4pX + Ape+0l8agd5hiBxdWgpe0ctbbARnx584viLiA/iPBDNxKi9zEYw+WP7hSj5QWahr + a09tubcC4L6tjvv8CoZTRSKfCW64vWRDvE6vmA+zJN9Arc1WTYzF1KO1Gybwf8h7 + stJb191smAgGDFhKo0j58ncyAnrS1k4mapm86QQhlfIA6DKvvC0qm3KdQns5b7HM + PyzW0hwBAoGBAO2mTVTOsziom9vtBwM0nRMMEgynR2X3EKMJz2mjcCf66f1F+aQ5 + DvQFM2V8S2s1nGnPh8NKKZ8DxW1NKuR4qx82zeAXpUs9ibHxOnw4YRC485zqc2Wt + fSO1OEDYeKyzWP1nGGtCntYUXzJnWn/wz0mBGKzLKTuLwyFIKx1b7bybAoGBAMxR + N+lT57rX6d4GUqcgNOuWMZ/D8egnE5+hsoiFnHOisRLOgUgBBSy4rwAZx+rdHYT+ + RO11L1PLYEzyvnO0f13R+N7aqKwNXDSzZGA+jb4pjkVidIC2smG/JYKJH5Z+kakw + mwMKP0wdRZJsCaMgScHmWJS8d6Ox/XJJoWrTWTbRAoGAWJlEgVaiaIArwz1F/QLz + gHNik0cWDkSi9jWlFxwwpycbbypUXM5M7dq2g6JoN6sACk6trbgLdlYgl5RKZm06 + VuPGs0H9hOSHXkix5jfasDJT2G9r4D9ixRo9w6cwriobBjYWW3612tgzeYYgrkwn + 655uhZUkZSfA8rqGIGbyZfsCgYAf5WH8G+wmIATTc1s92epJCOZwUY+XNVp75itP + 4sPczX4lOHW4PuiG5cH0GxI5mRE9rNAn3c5on2xGNvMCbyAfDmNyruH8Eg3d8E9w + MvO/xw79x/P2EA9i8QszCKMUxGeK6RqZ6+SbxkoRJKqQe77n9UTI228179hoGhSH + 
77ySsQKBgQC8SSZn6a8PpSIIFXB9WCFMwfGFYbUz0wvpaeZP8GKx3BEzMeJqSUaJ + hrQgpwQXkueeamlCQcvV3AUCoBRWTYRLDrWiUIXuIgikDWBFp6TBvTnVRI7iktly + fNED7jXOSjJqnFmdkZlAI5V8dM++mVYVykJD6jcaVRQvxqFLrhSaRg== + -----END RSA PRIVATE KEY----- + cert: | + -----BEGIN CERTIFICATE----- + MIIDBTCCAe2gAwIBAgIJALKJfbk5vuieMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNV + BAMMDnRlc3Qtc3NsLmxvY2FsMB4XDTE2MDExMTE2NDI0NFoXDTI2MDEwODE2NDI0 + NFowGTEXMBUGA1UEAwwOdGVzdC1zc2wubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQC9q+slYWncCXZXBGArH7hjaZtFG+jG/J3anI3TEwn+0Imx + xobyzrS/pZn0VwI54yRIjYNeyTjPultB1CfSHYYOv/kw4mQ8BVZJYQ3jq2lotne/ + TOnzxkhucSTUbQ+x0W5b+mcuxqQ+UAyuXVUCsWxXpixq0u3fRQhhhxE73tK2Sg56 + ELEDnD5eq18dl5BnT8NLzXrfeDBhRwy5JNQVnrSvuB7X+bvsNNIqDetNWTmx5s/x + yNL5pYe/E/8bK+8OxP7eCNEnHb/k7cmR8fTNo6xpTYC+PQ9HRzmuHKes07+XWT4Y + kkFxsGsz7IDw5/OnihdSsJ9oirdG4vc936SFwqyLAgMBAAGjUDBOMB0GA1UdDgQW + BBRaSF1L+ivPhmIVGQjtviBqZWDS9DAfBgNVHSMEGDAWgBRaSF1L+ivPhmIVGQjt + viBqZWDS9DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCjrgB9+Zuq + Rx7T2mRUl4jf75dLabuBQD0ePALTtvNyBSghhzSr90mE7GlFOYAv0JsmEa3R1LVF + wLPIdrIhNHpt7hN0PkhUlfgmxBnRSCfhpiq4xxsDVFM7ehtDz4+dv1LUDMXo07+E + f24g9aqmypiFzHisUQrYIhtQmHxRpKyGp6kDAW9qNxg6k/Um00aHdYfuD9ER4ksR + f8Hto7f+vssKxCRY2OZXqq13PxEwC5+hgAUkTdrycA/moXFuHJi3lCnCND7sSzvG + tXBggOusyFZFC4bs2m+V+Z+RN+tK2c/c0nq5HR8MV5HwIm4Z8GoT2/0BfJ00cgWL + lVz0gDBfdH8f + -----END CERTIFICATE----- + +nginx_custom_http: + - 'add_header X-ansible 1;' + - 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};' + - 'map $geoip_country_code $allowed_country {' + - ' default yes;' + - ' MA no;' + - ' DZ no;' + - ' TN no;' + - '}' + +nginx_default_site: 'test.local' +nginx_default_site_ssl: 'test-ssl-predeployed.local' + +nginx_sites: + - name: + - 'test.local' + - 'test-alias.local' + - 'test2-alias.local' + template: '_base' + filename: 'first-test' + override_try_files: '$uri/ $uri =404' + headers: + 'X-Frame-Options': 'deny 
always' + 'X-ansible-default': '1' + manage_local_content: false + use_error_log: true + more: + - 'autoindex off;' + location: + '/test': + - 'return 403;' + '/gunther': + - 'return 404;' + '/status': + - 'stub_status on;' + - 'access_log off;' + - 'allow 127.0.0.1;' + - 'deny all;' + - name: 'test-htpasswd.local' + template: '_base' + location_before: + '/hello': + - htpasswd: 'hello' + location: + '/public': + - htpasswd: false + use_error_log: true + - name: 'test-htpasswd-all.local' + template: '_base' + htpasswd: 'hello' + - name: 'test-location.local' + template: '_base' + location_before: + '/b': + - 'alias /var/tmp;' + '/c': + - 'alias /var/tmp;' + location: + '/': + - 'alias /var/tmp;' + '/a': + - 'alias /var/tmp;' + location_order_before: + - '/b' + - '/c' + location_order: + - '/' + - '/a' + - name: 'test-php.local' + php_upstream: "manual" + upstream_params: + - 'fastcgi_param FOO bar;' + redirect_from: + - 'www.test-php.local' + template: '_php' + use_error_log: true + use_access_log: true + - name: 'test-php-index.local' + template: '_php_index' + php_upstream: 'hx_unix' + - name: 'test-php-index2.local' + template: '_php_index2' + php_upstream: 'hx_ip' + - name: 'test-proxy.local' + listen: + - 8080 + template: '_proxy' + upstream_name: 'test' + headers: + 'X-proxyfied': '1' + - name: 'deleted.local' + state: 'absent' + - name: 'redirect-to.local' + redirect_to: 'http://test.local' + - name: 'test-ssl.local' + proto: ['http', 'https'] + template: '_base' + - name: + - 'test-ssl-selfsigned.local' + - 'www.test-ssl-selfsigned.local' + proto: ['http', 'https'] + template: '_base' + hsts: 'max-age=1664;' + - name: 'test-ssl-predeployed.local' + proto: ['http', 'https'] + template: '_base' + ssl_name: 'test-ssl-predeployed.local' + headers: + 'X-ansible-default': '1' + ssl_template: false + - name: 'test-ssl-redirect.local' + proto: ['https'] + template: '_base' + ssl_name: 'test-ssl.local' + redirect_https: true + - name: + - 
'test-ssl-redirect-many.local' + - 'test-ssl-redirect-many2.local' + listen_ssl: [8443] + proto: ['https'] + template: '_base' + ssl_name: 'test-ssl.local' + redirect_https: true + redirect_from: + - 'www.test-ssl-redirect-many.local' + - 'www.test-ssl-redirect-many2.local' + - name: 'test-ssl-proxy-protocol.local' + proto: ['http', 'https'] + listen_proxy_protocol: [20080] + listen_proxy_protocol_ssl: [20443] + template: '_base' + ssl_name: 'test-ssl.local' + headers: + 'X-Proxy-Protocol': '1' + - name: '{{ ngrok.stdout }}' + proto: ['http', 'https'] + listen_proxy_protocol: [21080] + listen_proxy_protocol_ssl: [21443] + template: '_base' + ssl_name: '{{ ngrok.stdout }}' + headers: + 'X-acme': '1' + - name: 'test-custom-template.local' + custom_template: 'templates/custom_template.conf.j2' + root: '/tmp/custom-template' + +nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}" +nginx_dh_length: 1024 diff --git a/molecule/_shared/verify.yml b/molecule/_shared/verify.yml new file mode 100644 index 0000000..b12fc8a --- /dev/null +++ b/molecule/_shared/verify.yml @@ -0,0 +1,19 @@ +--- + +- name: Verify + hosts: all + gather_facts: true + vars_files: + - vars/misc.yml + vars: + nginx_root: "/srv/www" + tasks: + - name: SHELL | Get ngrok public address + ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3 + args: + executable: /bin/bash + register: ngrok + changed_when: false + + - name: INCLUDE_TASKS | Post_tasks common + ansible.builtin.include_tasks: "../../tests/includes/post_common.yml" diff --git a/molecule/debian-10/molecule.yml b/molecule/debian-10/molecule.yml new file mode 100644 index 0000000..0308383 --- /dev/null +++ b/molecule/debian-10/molecule.yml 
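Review bot: vars/misc.yml carries settings that are only acceptable as test fixtures, namely `nginx_dh_length: 1024`, the htpasswd passwords `asdfg` and `qwerty`, and an inline RSA private key for `test-ssl.local`, with no comment saying so; since the header notes the file was copied from tests/group_vars/all.yml, it is likely to be copied from again. I'd add a comment above these values, e.g. `# TEST ONLY: weak DH size and throwaway credentials to keep Molecule runs fast - never reuse`. The opening comment also says systemd won't work in a Docker container, while every scenario's molecule.yml in this commit starts `/lib/systemd/systemd`; if forcing `ansible_service_mgr: "sysvinit"` is still needed, the comment should give the current reason.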
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-10
+ image: dokken/debian-10
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/debian-11/molecule.yml b/molecule/debian-11/molecule.yml
new file mode 100644
index 0000000..a9d5a5f
--- /dev/null
+++ b/molecule/debian-11/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-11
+ image: dokken/debian-11
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/debian-12/molecule.yml b/molecule/debian-12/molecule.yml
new file mode 100644
index 0000000..6d4e51f
--- /dev/null
+++ b/molecule/debian-12/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-12
+ image: dokken/debian-12
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/default/.gitkeep b/molecule/default/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/molecule/ubuntu-18.04/molecule.yml b/molecule/ubuntu-18.04/molecule.yml
new file mode 100644
index 0000000..7a55da6
--- /dev/null
+++ b/molecule/ubuntu-18.04/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: ubuntu-18.04
+ image: dokken/ubuntu-18.04
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/ubuntu-20.04/molecule.yml b/molecule/ubuntu-20.04/molecule.yml
new file mode 100644
index 0000000..d889c6a
--- /dev/null
+++ b/molecule/ubuntu-20.04/molecule.yml
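Review bot: Each platform sets `privileged: true` together with `capabilities: - SYS_ADMIN`, `cgroupns_mode: host` and a read-write bind of `/sys/fs/cgroup`; privileged mode already grants every capability, so the `capabilities` entry is redundant and the test container is effectively root on the Docker host. That is tolerable on throwaway hosted runners but not when someone runs the scenarios on a workstation or a self-hosted runner. If systemd in the dokken images starts without it, drop `privileged: true` and keep only the cgroup settings; otherwise add a comment stating why it is required. The same block is repeated in the debian-11, debian-12 and the three ubuntu scenarios.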
@@ -0,0 +1,13 @@ +--- + +platforms: + - name: ubuntu-20.04 + image: dokken/ubuntu-20.04 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true diff --git a/molecule/ubuntu-22.04/molecule.yml b/molecule/ubuntu-22.04/molecule.yml new file mode 100644 index 0000000..d820e55 --- /dev/null +++ b/molecule/ubuntu-22.04/molecule.yml @@ -0,0 +1,13 @@ +--- + +platforms: + - name: ubuntu-22.04 + image: dokken/ubuntu-22.04 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true diff --git a/tasks/site.yml b/tasks/site.yml index a24e584..dcd47a9 100644 --- a/tasks/site.yml +++ b/tasks/site.yml @@ -49,7 +49,7 @@ mode: 0644 owner: root group: root - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: (item.state is not defined or item.state != 'absent') and item.custom_template is not defined loop: "{{ nginx_sites }}" loop_control: @@ -62,7 +62,7 @@ mode: 0644 owner: root group: root - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: (item.state is not defined or item.state != 'absent') and item.custom_template is defined loop: "{{ nginx_sites }}" loop_control: @@ -73,7 +73,7 @@ path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}" state: absent loop: "{{ nginx_sites | product(dirs) | list }}" - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: item.0.state is defined and item.0.state == 'absent' vars: dirs: ['sites-available', 'sites-enabled'] 
@@ -86,7 +86,7 @@ dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}" state: link loop: "{{ nginx_sites }}" - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: > item.state is not defined or item.state == 'present' loop_control: @@ -97,7 +97,7 @@ path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}" state: absent loop: "{{ nginx_sites }}" - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: item.state is defined and item.state == 'disabled' loop_control: label: "{{ item | nginx_site_name }}" @@ -106,7 +106,7 @@ ansible.builtin.file: path: "{{ nginx_etc_dir }}/sites-enabled/default" state: absent - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: nginx_default_site is not none - name: FILE | Auto set default site @@ -114,7 +114,7 @@ src: "{{ nginx_etc_dir }}/sites-available/default" dest: "{{ nginx_etc_dir }}/sites-enabled/default" state: link - notify: ['Reload nginx', 'Restart nginx freebsd'] + notify: 'Reload nginx' when: nginx_default_site is none - name: TEMPLATE | Deploy facts diff --git a/tests/includes/post_common.yml b/tests/includes/post_common.yml index 42ff3ea..275ee43 100644 --- a/tests/includes/post_common.yml +++ b/tests/includes/post_common.yml @@ -260,4 +260,3 @@ args: executable: /bin/bash changed_when: false - when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index ff51dee..6e9edfe 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml @@ -4,7 +4,7 @@ ansible.builtin.apt_repository: repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' state: present - when: nginx_backports + when: nginx_backports is defined and nginx_backports - name: APT | Install needed packages ansible.builtin.apt: 
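Review bot: In pre_Debian.yml the new guard `when: nginx_backports is defined and nginx_backports` still relies on bare truthiness, so a value arriving as the string `"false"` (for instance via `-e`) would enable the backports repository. `when: nginx_backports | default(false) | bool` covers both the undefined case and the string case in one expression. The task body starts above this hunk, so only the `when:` line is reviewed here.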
@@ -65,9 +65,9 @@ name: foo system: true -- name: INCLUDE_ROLE | hanxhx.php +- name: INCLUDE_ROLE | hanxhx.php # TODO: repair vagrant ansible.builtin.include_role: - name: "{{ playbook_dir }}/hanxhx.php" + name: "hanxhx.php" vars: php_version: "{{ cur_php_version.stdout }}" php_autoremove_default_pool: false diff --git a/tests/includes/pre_common.yml b/tests/includes/pre_common.yml index e99c30d..5d4da12 100644 --- a/tests/includes/pre_common.yml +++ b/tests/includes/pre_common.yml @@ -1,12 +1,12 @@ --- -- name: SHELL | Start ngrok - ansible.builtin.shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http +- name: COMMAND | Start ngrok + ansible.builtin.command: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http failed_when: false changed_when: ngrok.stderr.find("Can't lock the lock file") == -1 register: ngrok -- name: WAIT_FOR | ngrok started +- name: WAIT_FOR | ngrok started # noqa: no-handler ansible.builtin.wait_for: delay: 2 port: 4040 @@ -22,11 +22,16 @@ - name: LINEINFILE | Tune vimrc ansible.builtin.lineinfile: line: "set mouse=" - dest: "{{ item }}/.vimrc" + dest: "{{ item.path }}/.vimrc" create: true + owner: "{{ item.owner }}" + group: "{{ item.owner }}" + mode: 0644 loop: - - /root - - /home/vagrant + - path: /root + owner: root + - path: /home/vagrant + owner: vagrant - name: FILE | Create an internal SSL dir ansible.builtin.file: @@ -36,21 +41,16 @@ owner: root group: root -- name: COPY | Deploy test certificate +- name: COPY | Deploy test cert/key ansible.builtin.copy: - src: "file/test.crt" - dest: "{{ int_ansible_ssl_dir }}/test.crt" - mode: 0640 - owner: root - group: root - -- name: COPY | Deploy test key - ansible.builtin.copy: - src: "file/test.key" - dest: "{{ int_ansible_ssl_dir }}/test.key" + src: "file/{{ item }}" + dest: "{{ int_ansible_ssl_dir }}/{{ item }}" mode: 0640 owner: root group: root + loop: + - 'test.key' + - 'test.crt' - name: COPY | Add all hosts in /etc/hosts ansible.builtin.copy:
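Review bot: In pre_common.yml the `LINEINFILE | Tune vimrc` loop now sets `owner: vagrant` for `/home/vagrant/.vimrc`, and the task shows no `when:` in the hunk, so it will fail wherever the vagrant account or its home directory does not exist, which is presumably the case in the Docker images used by the new Molecule scenarios. Guarding the item (a `stat` on `item.path` first, then a `when:` on its `stat.exists`) or dropping the vagrant entry for Molecule keeps the prepare stage from failing on an editor tweak. The new `mode: 0644`, like the `mode: 0640` on the cert/key copy, would be safer quoted as `mode: "0644"` so the value does not depend on the YAML loader's octal handling.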