From ec94521c5be64ecedcd3254b5d97c80ae6a81d2e Mon Sep 17 00:00:00 2001 From: Emilien Mantel Date: Thu, 30 Jul 2015 13:02:21 +0200 Subject: [PATCH] Migrate to jinja block ok --- README.md | 2 +- defaults/main.yml | 2 +- meta/main.yml | 2 +- tasks/main.yml | 5 ++ tasks/vhost.yml | 52 +++++++++------ templates/etc/nginx/sites-available/_base.j2 | 70 ++++++++++++++++++++ templates/etc/nginx/sites-available/_php.j2 | 28 ++++++++ tests/test.yml | 25 ++++--- 8 files changed, 152 insertions(+), 34 deletions(-) create mode 100644 templates/etc/nginx/sites-available/_base.j2 create mode 100644 templates/etc/nginx/sites-available/_php.j2 diff --git a/README.md b/README.md index f35fd75..5f4eb2e 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Few tips: - you can use your own templates, you must keep the same directory organization - you should see COMMON.j2 to see all abilities -You can see many examples in: [tests/test.yml]. +You can see many examples in: [tests/test.yml](tests/test.yml). Dependencies ------------ diff --git a/defaults/main.yml b/defaults/main.yml index 78ce798..a331761 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,7 +5,7 @@ nginx_apt_package: nginx-full # # Nginx shared variables # -nginx_root: "/var/www" +nginx_root: "/srv/www" nginx_log_dir: '/var/log/nginx' nginx_ssl_dir: '/etc/nginx/ssl' nginx_resolver: diff --git a/meta/main.yml b/meta/main.yml index b72081b..a45c877 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,7 @@ galaxy_info: author: Emilien Mantel description: Nginx for Debian - company: your company (optional) + company: license: GPLv2 min_ansible_version: 1.2 platforms: diff --git a/tasks/main.yml b/tasks/main.yml index a3619e3..c9c1ef0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -3,6 +3,11 @@ - name: APT | Install nginx apt: pkg={{ nginx_apt_package }} state=latest update_cache=yes cache_valid_time=3600 +- name: SHELL | Get Nginx version + shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1 + register: nginx_version + changed_when: false + - name: TEMPLATE | Deploy nginx.conf template: src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf validate= "nginx -t" notify: restart nginx diff --git a/tasks/vhost.yml b/tasks/vhost.yml index 0430775..14531e0 100644 --- a/tasks/vhost.yml +++ b/tasks/vhost.yml 
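Review bot: The added `SHELL | Get Nginx version` task cannot fail visibly, because the pipeline's exit status is that of the trailing `cut`, so a broken or missing `nginx` binary still registers an empty `nginx_version.stdout`. `_php.j2` later feeds that value into `version_compare`, so an empty string silently picks one of the two include branches. I would add `failed_when: nginx_version.stdout == ''` to the task. In check mode the shell task is skipped and the variable has no `stdout` at all, so the task also needs `always_run: yes` (`check_mode: no` on newer Ansible).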
@@ -1,41 +1,53 @@ --- - name: FILE | Create root folders (foreach nginx_vhosts) - file: path={{ nginx_root }}/{{ item.name }} state=directory recurse=yes owner=www-data group=www-data mode=0755 - file: path={{ nginx_root }}/{{ item.name }}/public state=directory recurse=yes owner=www-data group=www-data mode=0755 + file: > + path={{ nginx_root }}/{{ item.name[0] }}/public + state=directory + recurse=yes + owner={{ item.owner | default('www-data') }} + group={{ item.group | default('www-data') }} + mode={{ item.mode | default('0755') }} with_items: nginx_vhosts when: item.root is not defined - name: TEMPLATE | Create vhosts - template: src=etc/nginx/sites-available/{{ item.template }}.j2 dest=/etc/nginx/sites-available/{{ item.name }} + template: > + src=etc/nginx/sites-available/{{ item.template }}.j2 + dest=/etc/nginx/sites-available/{{ item.name[0] }} with_items: nginx_vhosts notify: reload nginx -- name: COMMAND | Get sites available - command: ls -1 /etc/nginx/sites-available - register: old_vhosts - changed_when: false - ignore_errors: true - -- name: Delete unmanaged vhosts - file: path=/etc/nginx/sites-enabled/{{ item }} state=absent - file: path=/etc/nginx/sites-available/{{ item }} state=absent - with_items: old_vhosts.stdout_lines - when: item not in nginx_vhosts|map(attribute='name') and item != 'default' - #- name: COPY | Add index.html / index.php # copy: src={{ item }} dest={{ nginx_root }}/{{ item.name }}/public/{{ item }} owner=www-data group=www-data mode=0666 # with_fileglob: "web/*" -- name: FILE | Enable vhosts (symlink to sites-enabled) - file: src=/etc/nginx/sites-available/{{ item.name }} dest=/etc/nginx/sites-enabled/{{ item.name }} state=link +- name: FILE | Delete vhosts + file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent + file: dest=/etc/nginx/sites-available/{{ item.name[0] }} state=absent with_items: nginx_vhosts notify: reload nginx + when: item.delete is defined and item.delete -- name: FILE | Create ssl dir per 
vhost (if needed) - file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory +- name: FILE | Enable vhosts + file: > + src=/etc/nginx/sites-available/{{ item.name[0] }} + dest=/etc/nginx/sites-enabled/{{ item.name[0] }} + state=link with_items: nginx_vhosts - when: item.ssl.use is defined and item.ssl.use + notify: reload nginx + when: item.enabled is not defined or (item.enabled is defined and item.enabled) + +- name: FILE | Disable vhosts + file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent + with_items: nginx_vhosts + notify: reload nginx + when: item.enabled is defined and not item.enabled + +#- name: FILE | Create ssl dir per vhost (if needed) +# file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory +# with_items: nginx_vhosts +# when: item.ssl.use is defined and item.ssl.use # TODO... #- name: COPY | Deploy SSL keys if needed diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2 new file mode 100644 index 0000000..cb01d52 --- /dev/null +++ b/templates/etc/nginx/sites-available/_base.j2 
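Review bot: The new `FILE | Delete vhosts` task has two `file:` keys in one mapping, and most YAML loaders keep only the last one, so in practice only the `sites-available` file is removed and the `sites-enabled` symlink is left dangling. Split it into two tasks under the same `when`, removing `/etc/nginx/sites-enabled/{{ item.name[0] }}` first and the `sites-available` file second. `FILE | Enable vhosts` further down still matches an item marked `delete` that has no `enabled` key, so its condition should exclude those, e.g. `when: not (item.delete | default(false)) and (item.enabled | default(true))`. This hunk also drops the old "Delete unmanaged vhosts" cleanup, so site files no longer listed in `nginx_vhosts` stay enabled on the host until someone marks them `delete`; that deserves a line in the README.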
@@ -0,0 +1,70 @@ +{% set __listen = item.listen | default(['80']) %} +{% set __listen_ssl = item.listen_ssl | default(['443']) %} +# +# {{ ansible_managed }} +# + +# +# HTTP +# +server { +{% for port in __listen %} + listen {{ port }}; +{% endfor %} + server_name {{ item.name | join(' ') }}; + +{% if item.root is defined %} + root {{ item.root }}; +{% else %} + root {{ nginx_root }}/{{ item.name[0] }}/public; +{% endif %} + +{% block template_index %} + index {{ item.index | default('index.html index.htm') }}; +{% endblock %} + +{% block template_try_files %} + try_files $uri $uri/ =404; +{% endblock %} + +{% block template_custom_location %} +{% endblock %} + + location ~ /\.ht { + deny all; + } + location ~* \.(txt|js|css|png|jpg|jpeg|gif|ico|svg)$ { + expires 30d; + log_not_found off; + } + +{% if item.use_access_log is defined and item.use_access_log %} + access_log {{ nginx_log_dir }}/{{ item.name }}_access.log combined; +{% else %} + access_log off; +{% endif %} +{% if item.use_error_log is defined and item.use_error_log %} + error_log {{ nginx_log_dir }}/{{ item.name }}_error.log {{ nginx_error_log_level }}; +{% else %} + error_log off; +{% endif %} +} + +# HTTPS +#server { +#} + +{% if item.redirect_from is defined and item.redirect_from is iterable %} +# +# Redirect from +# +server { +{% for port in __listen %} + listen {{ port }}; +{% endfor %} + server_name {{ item.redirect_from | join(' ') }}; + return 301 $scheme://{{ item.name[0] }}$request_uri; +} +{% endif %} + +# vim:filetype=nginx diff --git a/templates/etc/nginx/sites-available/_php.j2 b/templates/etc/nginx/sites-available/_php.j2 new file mode 100644 index 0000000..2bcd7ba --- /dev/null +++ b/templates/etc/nginx/sites-available/_php.j2 
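Review bot: The two log directives interpolate `{{ item.name }}`, but `item.name` is a list everywhere else in this template (`item.name | join(' ')`, `item.name[0]`), so the rendered path would contain the list's repr rather than a hostname. Use `{{ nginx_log_dir }}/{{ item.name[0] }}_access.log` and the matching `{{ item.name[0] }}_error.log`. In the `else` branch, `error_log off;` does not disable error logging in nginx; it writes to a file literally named `off`. With both logs disabled unless a vhost opts in, there is also little left to investigate after an incident, so consider defaulting `use_access_log` and `use_error_log` to on, or stating the trade-off in a comment above these blocks.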
@@ -0,0 +1,28 @@ +{% extends "_base.j2" %} +{% block template_index %} + index {{ item.index | default('index.html index.htm index.php') }}; +{% endblock %} + +{% block template_try_files %} + try_files $uri $uri/ index.php; +{% endblock %} + +{% block template_custom_location %} + location ~ \.php$ { + fastcgi_pass php; + fastcgi_index index.php; +{# TODO: fastcgi_intercept_errors {{ item.php.intercept_errors | default('on') }}; #} + fastcgi_intercept_errors on; +{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %} + include fastcgi_params; +{% else %} + include fastcgi.conf; +{% endif %} + + # TODO... + # Newrelic custom header: https://docs.newrelic.com/docs/apm/other-features/request-queueing/request-queue-server-configuration-examples + #fastcgi_param HTTP_X_REQUEST_START "t=${msec}"; + # Newrelic custom PHP appname: https://docs.newrelic.com/docs/agents/php-agent/configuration/php-directory-ini-settings#perdir-nginx + #fastcgi_param PHP_VALUE "newrelic.appname=${host}"; + } +{% endblock %} diff --git a/tests/test.yml b/tests/test.yml index a9adb85..d175965 100644 --- a/tests/test.yml +++ b/tests/test.yml 
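Review bot: The `location ~ \.php$` block passes every URI ending in `.php` to `fastcgi_pass` without checking that the script exists under the document root. Depending on PHP's `cgi.fix_pathinfo` setting, PHP-FPM can then resolve the request to a different file than the one named in the URI. Adding `try_files $uri =404;` as the first line inside that location is the usual guard. Separately, the fallback in `try_files $uri $uri/ index.php;` lacks a leading slash; nginx treats the last argument as a URI for an internal redirect, so it should probably read `try_files $uri $uri/ /index.php;`.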
@@ -5,32 +5,35 @@ - apt: pkg={{ item }} update_cache=yes cache_valid_time=3600 state=present with_items: - php5-fpm - - lineinfile: dest=/etc/hosts line="127.0.2.2 {{ nginx_vhosts|map(attribute='name')| join(' ') }}" + - lineinfile: > + dest=/etc/hosts + line="127.0.2.2 {% for name in nginx_vhosts|map(attribute='name') %}{{ name | join(' ') }} {% endfor %}" vars: nginx_php: true nginx_php_sockets: - unix_socket: "/var/run/php5-fpm.sock" nginx_vhosts: - - name: 'test.local' - aliases: - - test-alias.local - - test2-alias.local - template: 'static' + - name: + - 'test.local' + - 'test-alias.local' + - 'test2-alias.local' + template: '_base' ssl: use: false - - name: 'test-php.local' - template: 'wordpress' + - name: + - 'test-php.local' + template: '_php' ssl: use: false roles: - ../../ post_tasks: - name: -- Add PHP file -- - copy: dest=/var/www/test-php.local/public/index.php content="