Compare commits

..

No commits in common. "fee435537cb65af88b67d9057e4cbdb33bc82d10" and "664ac52a6188574aac0c80c98bc611cafb7b6fb6" have entirely different histories.

12 changed files with 32 additions and 50 deletions

View File

@ -18,12 +18,9 @@ jobs:
- debian-10 - debian-10
- debian-11 - debian-11
- debian-12 - debian-12
- ubuntu-18.04
- ubuntu-20.04
- ubuntu-22.04 - ubuntu-22.04
allowed-to-fail:
- false
include:
- scenario: ubuntu-20.04
allowed-to-fail: true
steps: steps:
- name: Checkout - name: Checkout
@ -37,7 +34,3 @@ jobs:
molecule_options: --base-config molecule/_shared/base.yml molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }} molecule_args: --scenario-name ${{ matrix.scenario }}
molecule_working_dir: "HanXHX/ansible-nginx" molecule_working_dir: "HanXHX/ansible-nginx"
continue-on-error: ${{ matrix.allowed-to-fail }}
- name: Fake command
run: echo "End of job"

View File

@ -26,11 +26,9 @@ Supported OS:
| Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) | | Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) |
| Debian Buster (10) | Yes | Yes | | Debian Buster (10) | Yes | Yes |
| Debian Bullseye (11) | Yes | Yes | | Debian Bullseye (11) | Yes | Yes |
| Debian Bookworm (12) | Yes | Not yet :) | | Debian Bookworm (12) | Yes | No |
| FreeBSD 11 | NA | No | | FreeBSD 11 | NA | No |
| FreeBSD 12 | NA | No | | FreeBSD 12 | NA | No |
| Ubuntu 20.04 | Yes | Yes |
| Ubuntu 22.04 | Yes | Yes |
Requirements Requirements
------------ ------------
@ -103,33 +101,22 @@ Fine configuration
Note Note
---- ----
- Active support for Debian/Ubuntu. - Active support for Debian.
- FreeBSD support is experimental. I only test (for the moment) 10.2 (but it can work on other versions). - FreeBSD support is experimental. I only test (for the moment) 10.2 (but it can work on other versions).
Dependencies Dependencies
------------ ------------
See: [requirements.yml](requirements.yml). None
If you need to dev this role locally on Vagrant If you need to dev this role locally
------------------------------------------------ ------------------------------------
Before use vagrant, run once: Before use vagrant, run once:
```commandline
ansible-galaxy install -p ./tests/ HanXHX.php,master
``` ```
ansible-galaxy install -p ./tests/ HanXHX.php,master
If you need to dev this role locally with molecule
--------------------------------------------------
Check available scenarios in [molecule](molecule) directory.
With `debian-12` scenario:
```commandline
molecule -v -c molecule/_shared/base.yml verify -s debian-12
``` ```
Example Playbook Example Playbook

View File

@ -8,7 +8,7 @@ Variables
- `nginx_dh`: DH content - `nginx_dh`: DH content
- `nginx_dh_length`: DH key length (default is 2048) - `nginx_dh_length`: DH key length (default is 2048)
- `nginx_dh_path`: file location - `nginx_dh_path`: file localation
- `nginx_ssl_dir`: directory where you install your SSL/TLS keys - `nginx_ssl_dir`: directory where you install your SSL/TLS keys
- `nginx_ssl_pairs` - `nginx_ssl_pairs`
@ -20,7 +20,7 @@ Note: `name` is used to deploy key/cert. With defaults values dans `name` = "foo
### Content mode ### Content mode
Key/Cert content is stored in variable. Useful with vault. Key/Cert content is stored in variable. Usefull with vault.
- `key`: content of the private key - `key`: content of the private key
- `cert`: content of the public key - `cert`: content of the public key
@ -36,7 +36,7 @@ You can use these variables if you use another task/role to manages your certifi
Create a self-signed pair and deploy it. Do not use this feature in production. Create a self-signed pair and deploy it. Do not use this feature in production.
- `self_signed`: set true to use this feature - `self_signed`: set true to use this featrure
- `force`: optional feature (default: false), force regen pair (not idempotent) - `force`: optional feature (default: false), force regen pair (not idempotent)
### Acme ### Acme
@ -45,7 +45,7 @@ Uses acme.sh to create free certificates. It uses HTTP-01 challenge. Use this fe
- `acme`: set true to use this feature. It uses `name` (can be a string or string list). - `acme`: set true to use this feature. It uses `name` (can be a string or string list).
Have a look to [acme configuration](acme.md configuration). Have a look to [acme configuratuion](acme.md configuration).
Tips Tips
---- ----

View File

@ -14,10 +14,6 @@ galaxy_info:
- buster - buster
- bullseye - bullseye
- bookworm - bookworm
- name: Ubuntu
versions:
- focal
- jammy
- name: FreeBSD - name: FreeBSD
versions: versions:
- '11.0' - '11.0'

View File

@ -9,7 +9,7 @@
tasks: tasks:
- name: INCLUDE_TASKS | Pre tasks related to OS - name: INCLUDE_TASKS | Pre tasks related to OS
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml" ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_distribution }}.yml"
- name: INCLUDE_TASKS | Pre_tasks common - name: INCLUDE_TASKS | Pre_tasks common
ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml" ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml"

View File

@ -111,7 +111,7 @@ nginx_ssl_pairs:
nginx_custom_http: nginx_custom_http:
- 'add_header X-ansible 1;' - 'add_header X-ansible 1;'
- 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};' - 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
- 'map $geoip_country_code $allowed_country {' - 'map $geoip_country_code $allowed_country {'
- ' default yes;' - ' default yes;'
- ' MA no;' - ' MA no;'

View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-18.04
image: dokken/ubuntu-18.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

View File

@ -11,10 +11,3 @@ platforms:
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw - /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true privileged: true
# Segfault on Ubuntu 20.04 with `nginx-extras` package...
provisioner:
inventory:
host_vars:
ubuntu-20.04:
nginx_apt_package: 'nginx-full'

View File

@ -14,7 +14,7 @@
- name: APT | Install nginx and dependencies - name: APT | Install nginx and dependencies
ansible.builtin.apt: ansible.builtin.apt:
pkg: "{{ nginx_apt_package }}" pkg: "{{ nginx_apt_package }}"
default_release: "{{ ansible_distribution_release + '-backports' if (nginx_backports and ansible_distribution == 'Debian') else ansible_distribution_release }}" default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}"
- name: APT | Install nginx modules - name: APT | Install nginx modules
ansible.builtin.apt: ansible.builtin.apt:

View File

@ -1,7 +1,7 @@
--- ---
- name: INCLUDE_TASKS | Install - name: INCLUDE_TASKS | Install
ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"
- name: IMPORT_TASKS | acme - name: IMPORT_TASKS | acme
ansible.builtin.import_tasks: "acme.yml" ansible.builtin.import_tasks: "acme.yml"

View File

@ -104,7 +104,7 @@ nginx_ssl_pairs:
nginx_custom_http: nginx_custom_http:
- 'add_header X-ansible 1;' - 'add_header X-ansible 1;'
- 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};' - 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
- 'map $geoip_country_code $allowed_country {' - 'map $geoip_country_code $allowed_country {'
- ' default yes;' - ' default yes;'
- ' MA no;' - ' MA no;'

View File

@ -4,7 +4,7 @@
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: INCLUDE_TASKS | Pre_tasks related to OS version - name: INCLUDE_TASKS | Pre_tasks related to OS version
ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml" ansible.builtin.include_tasks: "includes/pre_{{ ansible_distribution }}.yml"
- name: IMPORT_TASKS | Pre_tasks common - name: IMPORT_TASKS | Pre_tasks common
ansible.builtin.import_tasks: "includes/pre_common.yml" ansible.builtin.import_tasks: "includes/pre_common.yml"
@ -14,7 +14,7 @@
post_tasks: post_tasks:
- name: INCLUDE_TASKS | Post_tasks related to OS version - name: INCLUDE_TASKS | Post_tasks related to OS version
ansible.builtin.include_tasks: "includes/post_{{ ansible_os_family }}.yml" ansible.builtin.include_tasks: "includes/post_{{ ansible_distribution }}.yml"
- name: IMPORT_TASKS | Post_tasks common - name: IMPORT_TASKS | Post_tasks common
ansible.builtin.import_tasks: "includes/post_common.yml" ansible.builtin.import_tasks: "includes/post_common.yml"