Fix batch mode and various other stuff

noobient · Nov 21, 2023 · ea8d50f · ea8d50f
1 parent bc58597
commit ea8d50f
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 51 deletions.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -5,12 +5,12 @@
     mode: "{{ item.mode }}"
     path: "{{ item.path | default('') }}"
     www_mode: "{{ item.www_mode | default('') }}"
-    new_domain: "{{ item.new_domain | default('') }}"
     ssl_disabled: "{{ item.ssl_disabled | default('') }}"
     ssl_key: "{{ item.ssl_key | default('') }}"
     ssl_cert: "{{ item.ssl_cert | default('') }}"
     host_port: "{{ item.host_port | default('') }}"
     proxy_port: "{{ item.proxy_port | default('') }}"
+    new_domain: "{{ item.new_domain | default('') }}"
   loop: "{{ nginx_batch }}"
   when: (nginx_batch is defined) and (nginx_batch.__class__.__name__ == 'list')
 

diff --git a/tasks/php.yml b/tasks/php.yml
@@ -20,7 +20,7 @@
     noobient_nginx_php_unit: "php{% if ansible_pkg_mgr == 'apt' %}{{ noobient_nginx_php_ver }}{% endif %}-fpm.service"
     noobient_nginx_php_ini: "{% if ansible_pkg_mgr == 'dnf' %}/etc/php.ini{% else %}/etc/php/{{ noobient_nginx_php_ver }}/fpm/php.ini{% endif %}"
     noobient_nginx_fpm_conf: "{% if ansible_pkg_mgr == 'dnf' %}/etc/php-fpm.d/{% else %}/etc/php/{{ noobient_nginx_php_ver }}/fpm/pool.d/{% endif %}www.conf"
-    noobient_nginx_fpm_sock: "{% if ansible_pkg_mgr == 'dnf' %}/run/php-fpm/www.sock{% else %}/run/php/php{{ noobient_nginx_php_ver }}-fpm.sock{% endif %}"
+    noobient_nginx_fpm_sock: "{% if ansible_pkg_mgr == 'dnf' %}{{ default_fpm_sock }}{% else %}/run/php/php{{ noobient_nginx_php_ver }}-fpm.sock{% endif %}"
 
 - name: Set PHP options
   ini_file:

diff --git a/templates/host.conf.j2 b/templates/host.conf.j2
@@ -14,7 +14,7 @@ server
 
 {% if mode == 'redirect' %}
     server_name {{ domain }} www.{{ domain }};
-    return 301 http{% if not eff_ssl_disabled | bool %}s{% endif %}://{{ new_domain }}$request_uri;
+    return 301 http{% if not eff_ssl_disabled | bool %}s{% endif %}://{{ eff_new_domain }}$request_uri;
 {% else %}
     server_name www.{{ domain }};
     return 301 http{% if not eff_ssl_disabled | bool %}s{% endif %}://{{ domain }}$request_uri;

diff --git a/templates/php.conf.j2 b/templates/php.conf.j2
@@ -3,7 +3,7 @@ index index.php;
 location ~ \.php$
 {
     try_files $uri =404;
-    fastcgi_pass unix:{{ noobient_nginx_fpm_sock }};
+    fastcgi_pass unix:{{ noobient_nginx_fpm_sock | default(default_fpm_sock) }};
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     include fastcgi_params;

diff --git a/tests/cert.yml b/tests/cert.yml
@@ -0,0 +1,17 @@
+---
+- name: Create cert directory
+  file:
+    path: /opt/acme
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Install OpenSSL
+  package:
+    name: openssl
+    state: latest
+
+- name: Generate self-signed certificate # noqa no-changed-when
+  command:
+    cmd: openssl req -x509 -newkey rsa:4096 -keyout /opt/acme/foo.com.key -out /opt/acme/foo.com.cert -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=foo.com"
diff --git a/tests/main.yml b/tests/main.yml
@@ -1,53 +1,9 @@
 ---
 - hosts: 127.0.0.1
   tasks:
+    - include_tasks: cert.yml
     - include_tasks: php.yml
-
-    - include_role:
-        name: "{{ playbook_dir.split('/')[:-1] | last }}"
-      vars:
-        domain: foo1.com
-        ssl_disabled: true
-        mode: wordpress
-
-    - include_role:
-        name: "{{ playbook_dir.split('/')[:-1] | last }}"
-      vars:
-        domain: foo2.com
-        ssl_disabled: true
-        mode: static
-        path: /data/content/foo2.com
-        www_mode: serve
-
-    - include_role:
-        name: "{{ playbook_dir.split('/')[:-1] | last }}"
-      vars:
-        domain: foo3.com
-        ssl_disabled: true
-        mode: redirect
-        new_domain: bar.com
-
-    - name: Create cert directory
-      file:
-        path: /opt/acme
-        state: directory
-        owner: root
-        group: root
-        mode: '0700'
-
-    - name: Generate self-signed certificate # noqa no-changed-when
-      command:
-        cmd: openssl req -x509 -newkey rsa:4096 -keyout /opt/acme/foo.com.key -out /opt/acme/foo.com.cert -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=foo.com"
-
-    - include_role:
-        name: "{{ playbook_dir.split('/')[:-1] | last }}"
-      vars:
-        domain: foo.com
-        mode: proxy
-        ssl_key: /opt/acme/foo.com.key
-        ssl_cert: /opt/acme/foo.com.cert
-        host_port: 7777
-        proxy_port: 8888
+    - include_tasks: single.yml
 
     # Test batch mode and idempotency at the same time
     - include_role:

diff --git a/tests/single.yml b/tests/single.yml
@@ -0,0 +1,34 @@
+---
+- include_role:
+    name: "{{ playbook_dir.split('/')[:-1] | last }}"
+  vars:
+    domain: foo1.com
+    ssl_disabled: true
+    mode: wordpress
+
+- include_role:
+    name: "{{ playbook_dir.split('/')[:-1] | last }}"
+  vars:
+    domain: foo2.com
+    ssl_disabled: true
+    mode: static
+    path: /data/content/foo2.com
+    www_mode: serve
+
+- include_role:
+    name: "{{ playbook_dir.split('/')[:-1] | last }}"
+  vars:
+    domain: foo3.com
+    ssl_disabled: true
+    mode: redirect
+    new_domain: bar.com
+
+- include_role:
+    name: "{{ playbook_dir.split('/')[:-1] | last }}"
+  vars:
+    domain: foo.com
+    mode: proxy
+    ssl_key: /opt/acme/foo.com.key
+    ssl_cert: /opt/acme/foo.com.cert
+    host_port: 7777
+    proxy_port: 8888
diff --git a/vars/main.yml b/vars/main.yml
@@ -2,13 +2,16 @@
 nginx_root: /etc/nginx
 nginx_account: "{% if ansible_pkg_mgr == 'dnf' %}nginx{% else %}www-data{% endif %}"
 
-eff_www_mode: "{% if www_mode is defined and www_mode | length %}{{ www_mode }}{% else %}redirect{% endif %}"
 eff_path: "{% if path is defined and path | length %}{{ path }}{% else %}/var/www/html/{{ domain }}{% endif %}"
+eff_www_mode: "{% if www_mode is defined and www_mode | length %}{{ www_mode }}{% else %}redirect{% endif %}"
 eff_ssl_disabled: "{% if ssl_disabled is defined and ssl_disabled | string | length %}{{ ssl_disabled }}{% else %}false{% endif %}"
 eff_ssl_key: "{% if ssl_key is defined and ssl_key | length %}{{ ssl_key }}{% else %}/etc/acme/{{ domain }}/{{ domain }}.key{% endif %}"
 eff_ssl_cert: "{% if ssl_cert is defined and ssl_cert | length %}{{ ssl_cert }}{% else %}/etc/acme/{{ domain }}/fullchain.cer{% endif %}"
 eff_host_port: "{% if host_port is defined and host_port | string | length %}{{ host_port }}{% elif not eff_ssl_disabled | bool %}443{% else %}80{% endif %}"
 eff_proxy_port: "{% if proxy_port is defined and proxy_port | string | length %}{{ proxy_port }}{% else %}8080{% endif %}"
+eff_new_domain: "{{ new_domain | default('') }}"
+
+default_fpm_sock: /run/php-fpm/www.sock
 
 # Check with:
 # semanage port -l | grep '^http_port_t '