From a179f824f185be88d91cf2bda59e18546410587d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Fri, 14 Jul 2017 15:42:36 +0200 Subject: [PATCH] merge nginx-light into nginx --- nginx-light/.kitchen.yml | 36 ---- nginx-light/README.md | 9 - nginx-light/handlers/main.yml | 5 - nginx-light/tests/spec/nginx_light_spec.rb | 9 - nginx-light/tests/test.yml | 4 - nginx/README.md | 7 + nginx/defaults/main.yml | 2 + nginx/tasks/main.yml | 194 +----------------- .../main.yml => nginx/tasks/main_minimal.yml | 10 +- nginx/tasks/main_regular.yml | 193 +++++++++++++++++ .../evolinux-default.minimal.conf.j2 | 0 11 files changed, 211 insertions(+), 258 deletions(-) delete mode 100644 nginx-light/.kitchen.yml delete mode 100644 nginx-light/README.md delete mode 100644 nginx-light/handlers/main.yml delete mode 100644 nginx-light/tests/spec/nginx_light_spec.rb delete mode 100644 nginx-light/tests/test.yml rename nginx-light/tasks/main.yml => nginx/tasks/main_minimal.yml (65%) create mode 100644 nginx/tasks/main_regular.yml rename nginx-light/templates/default.j2 => nginx/templates/evolinux-default.minimal.conf.j2 (100%) diff --git a/nginx-light/.kitchen.yml b/nginx-light/.kitchen.yml deleted file mode 100644 index f63ccd3a..00000000 --- a/nginx-light/.kitchen.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -driver: - name: docker - privileged: true - use_sudo: false - -provisioner: - name: ansible_playbook - hosts: test-kitchen - roles_path: ../ - ansible_verbose: true - require_ansible_source: false - require_chef_for_busser: false - idempotency_test: true - -platforms: - - name: debian - driver_config: - image: evolix/ansible:2.2.1 - -verifier: - name: serverspec - -suites: - - name: default - provisioner: - name: ansible_playbook - playbook: ./tests/test.yml - verifier: - patterns: - - nginx/tests/spec/nginx_light_spec.rb - bundler_path: '/usr/local/bin' - rspec_path: '/usr/local/bin' - -transport: - max_ssh_sessions: 6 
diff --git a/nginx-light/README.md b/nginx-light/README.md deleted file mode 100644 index 17d20719..00000000 --- a/nginx-light/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# nginx-light - -Install Nginx light with a simply default vhost config. - -Used for hypervisors and backups servers. - -## Tasks - -Everything is in the `tasks/main.yml` file. diff --git a/nginx-light/handlers/main.yml b/nginx-light/handlers/main.yml deleted file mode 100644 index d4e42ca0..00000000 --- a/nginx-light/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: reload nginx - service: - name: nginx - state: reloaded diff --git a/nginx-light/tests/spec/nginx_light_spec.rb b/nginx-light/tests/spec/nginx_light_spec.rb deleted file mode 100644 index f7818739..00000000 --- a/nginx-light/tests/spec/nginx_light_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'net/http' -require 'uri' - -require 'serverspec' -set :backend, :exec - -describe port(80) do - it { should be_listening } -end diff --git a/nginx-light/tests/test.yml b/nginx-light/tests/test.yml deleted file mode 100644 index 01e20fec..00000000 --- a/nginx-light/tests/test.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: test-kitchen - roles: - - role: nginx-light diff --git a/nginx/README.md b/nginx/README.md index f58fefc7..d519608b 100644 --- a/nginx/README.md +++ b/nginx/README.md 
@@ -6,10 +6,17 @@ Install Nginx. Everything is in the `tasks/main.yml` file. +There are 2 modes : minimal and regular. + +The minimal mode is for servers without real web apps, and only access to munin graphs… + +The regular mode is for full fledged web services with optimized defaults. + ## Available variables Main variables are : +* `nginx_minimal` : very basic install and config (default: `False`) ; * `nginx_jessie_backports` : on Debian Jessie, we can prefer v1.10 from backports (default: `False`) ; * `nginx_private_ipaddr_whitelist_present` : list of IP addresses to have in the private whitelist ; * `nginx_private_ipaddr_whitelist_absent` : list of IP addresses **not** to have in the whitelist ; diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index e35001d8..16398ee4 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -1,4 +1,6 @@ --- + +nginx_minimal: False nginx_jessie_backports: False nginx_private_ipaddr_whitelist_present: [] diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index 7f11ed32..e1144a39 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml 
@@ -1,193 +1,7 @@ --- -- include: packages_jessie.yml - when: ansible_distribution_release == "jessie" +- include: main_minimal.yml + when: nginx_minimal -- include: packages_stretch.yml - when: ansible_distribution_release == "stretch" - -# TODO: find a way to override the main configuration -# without touching the main file - -- name: customize worker_connections - lineinfile: - dest: /etc/nginx/nginx.conf - regexp: '^(\s*worker_connections)\s+.+;' - line: ' worker_connections 1024;' - insertafter: 'events \{' - tags: - - nginx - -- name: use epoll - lineinfile: - dest: /etc/nginx/nginx.conf - regexp: '^(\s*use)\s+.+;' - line: ' use epoll;' - insertafter: 'events \{' - tags: - - nginx - -- name: Install Nginx http configuration - copy: - src: nginx/evolinux-defaults.conf - dest: /etc/nginx/conf.d/z-evolinux-defaults.conf - mode: "0640" - # force: yes - notify: reload nginx - tags: - - nginx - -# TODO: verify that those permissions are correct : -# not too strict for private_ipaddr_whitelist -# and not too loose for private_htpasswd - -- name: Copy private_ipaddr_whitelist - copy: - src: nginx/snippets/private_ipaddr_whitelist - dest: /etc/nginx/snippets/private_ipaddr_whitelist - owner: www-data - group: www-data - directory_mode: "0640" - mode: "0640" - force: no - notify: reload nginx - tags: - - nginx - -- name: add IP addresses to private IP whitelist - lineinfile: - dest: /etc/nginx/snippets/private_ipaddr_whitelist - line: "allow {{ item }};" - state: present - with_items: "{{ nginx_private_ipaddr_whitelist_present }}" - notify: reload nginx - tags: - - nginx - -- name: remove IP addresses from private IP whitelist - lineinfile: - dest: /etc/nginx/snippets/private_ipaddr_whitelist - line: "allow {{ item }};" - state: absent - with_items: "{{ nginx_private_ipaddr_whitelist_absent }}" - notify: reload nginx - tags: - - nginx - -- name: Copy private_htpasswd - copy: - src: nginx/snippets/private_htpasswd - dest: /etc/nginx/snippets/private_htpasswd - owner: 
www-data - group: www-data - directory_mode: "0640" - mode: "0640" - force: no - notify: reload nginx - tags: - - nginx - -- name: add user:pwd to private htpasswd - lineinfile: - dest: /etc/nginx/snippets/private_htpasswd - line: "{{ item }}" - state: present - with_items: "{{ nginx_private_htpasswd_present }}" - notify: reload nginx - tags: - - nginx - -- name: remove user:pwd from private htpasswd - lineinfile: - dest: /etc/nginx/snippets/private_htpasswd - line: "{{ item }}" - state: absent - with_items: "{{ nginx_private_htpasswd_absent }}" - notify: reload nginx - tags: - - nginx - -- name: nginx vhost is installed - template: - src: evolinux-default.conf.j2 - dest: /etc/nginx/sites-available/evolinux-default.conf - mode: "0640" - notify: reload nginx - tags: - - nginx - -- name: default vhost is enabled - file: - src: /etc/nginx/sites-available/evolinux-default.conf - dest: /etc/nginx/sites-enabled/default.conf - state: link - force: yes - notify: reload nginx - when: nginx_evolinux_default_enabled - tags: - - nginx - -# - block: -# - name: generate random string for phpmyadmin suffix -# command: "apg -a 1 -M N -n 1" -# changed_when: False -# register: random_phpmyadmin_suffix -# -# - name: overwrite nginx_phpmyadmin_suffix -# set_fact: -# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}" -# when: nginx_phpmyadmin_suffix == "" -# -# - name: replace phpmyadmin suffix in default site index -# replace: -# dest: /var/www/index.html -# regexp: '__PHPMYADMIN_SUFFIX__' -# replace: "{{ nginx_phpmyadmin_suffix }}" -# -# - block: -# - name: generate random string for serverstatus suffix -# command: "apg -a 1 -M N -n 1" -# changed_when: False -# register: random_serverstatus_suffix -# -# - name: overwrite nginx_serverstatus_suffix -# set_fact: -# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}" -# when: nginx_serverstatus_suffix == "" -# -# - name: replace server-status suffix in default site index -# replace: -# dest: 
/var/www/index.html -# regexp: '__SERVERSTATUS_SUFFIX__' -# replace: "{{ nginx_serverstatus_suffix }}" - -- name: Verify that the service is enabled and started - service: - name: nginx - enabled: yes - state: started - tags: - - nginx - -- name: Check if Munin is installed - stat: - path: /etc/munin/plugin-conf.d/munin-node - check_mode: no - register: stat_munin_node - tags: - - nginx - - munin - -- include: munin_vhost.yml - when: stat_munin_node.stat.exists - tags: - - nginx - - munin - -- include: munin_graphs.yml - when: stat_munin_node.stat.exists - tags: - - nginx - - munin - -- include: logrotate.yml +- include: main_regular.yml + when: not nginx_minimal diff --git a/nginx-light/tasks/main.yml b/nginx/tasks/main_minimal.yml similarity index 65% rename from nginx-light/tasks/main.yml rename to nginx/tasks/main_minimal.yml index cc727f28..1cded8ea 100644 --- a/nginx-light/tasks/main.yml +++ b/nginx/tasks/main_minimal.yml @@ -1,5 +1,5 @@ --- -- name: Ensure Nginx (light) is installed +- name: Ensure Nginx is installed apt: name: "{{ item }}" state: present @@ -13,8 +13,8 @@ - name: Copy default vhost template: - src: default.j2 - dest: /etc/nginx/sites-available/default + src: evolinux-default.minimal.conf.j2 + dest: /etc/nginx/sites-available/evolinux-default.minimal.conf mode: 0644 notify: reload nginx tags: @@ -23,8 +23,8 @@ - name: Enable default vhost file: - src: /etc/nginx/sites-available/default - dest: /etc/nginx/sites-enabled/default + src: /etc/nginx/sites-available/evolinux-default.minimal.conf + dest: /etc/nginx/sites-enabled/default.conf state: link notify: reload nginx tags: diff --git a/nginx/tasks/main_regular.yml b/nginx/tasks/main_regular.yml new file mode 100644 index 00000000..7f11ed32 --- /dev/null +++ b/nginx/tasks/main_regular.yml 
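Review bot: Both new conditions in nginx/tasks/main.yml test `nginx_minimal` as a bare variable, so which mode runs depends on how Ansible coerces the value when it arrives as a string (for example from `-e nginx_minimal=false` or an INI inventory), and that coercion has differed between Ansible versions. The choice matters because, as far as the visible hunks show, only main_regular.yml deploys the private IP whitelist and htpasswd snippets. I would write `when: nginx_minimal | bool` and `when: not nginx_minimal | bool` so the flag is always evaluated as a boolean.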
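Review bot: The minimal vhost is now written to `sites-available/evolinux-default.minimal.conf` and enabled as `sites-enabled/default.conf` (hunks at lines 13 and 23 of main_minimal.yml), so it no longer replaces the files named `default` as the nginx-light role did. If the installed Debian package ships its stock `sites-enabled/default` link, that vhost would stay enabled beside this one. Depending on the template, which is not shown here, nginx could then reject the configuration for a duplicate default server, or serve requests from the stock site instead of the Evolinux one. A task that removes the stock link would close that gap; it is sketched below, with tags to be matched to the neighbouring tasks, whose tag lists fall outside the hunks. Separately, the context line `mode: 0644` is better quoted as `mode: "0644"` so it is not read as an integer.

```yaml
- name: Disable the packaged default vhost
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: reload nginx
  # tags: same list as the neighbouring tasks
```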
@@ -0,0 +1,193 @@ +--- + +- include: packages_jessie.yml + when: ansible_distribution_release == "jessie" + +- include: packages_stretch.yml + when: ansible_distribution_release == "stretch" + +# TODO: find a way to override the main configuration +# without touching the main file + +- name: customize worker_connections + lineinfile: + dest: /etc/nginx/nginx.conf + regexp: '^(\s*worker_connections)\s+.+;' + line: ' worker_connections 1024;' + insertafter: 'events \{' + tags: + - nginx + +- name: use epoll + lineinfile: + dest: /etc/nginx/nginx.conf + regexp: '^(\s*use)\s+.+;' + line: ' use epoll;' + insertafter: 'events \{' + tags: + - nginx + +- name: Install Nginx http configuration + copy: + src: nginx/evolinux-defaults.conf + dest: /etc/nginx/conf.d/z-evolinux-defaults.conf + mode: "0640" + # force: yes + notify: reload nginx + tags: + - nginx + +# TODO: verify that those permissions are correct : +# not too strict for private_ipaddr_whitelist +# and not too loose for private_htpasswd + +- name: Copy private_ipaddr_whitelist + copy: + src: nginx/snippets/private_ipaddr_whitelist + dest: /etc/nginx/snippets/private_ipaddr_whitelist + owner: www-data + group: www-data + directory_mode: "0640" + mode: "0640" + force: no + notify: reload nginx + tags: + - nginx + +- name: add IP addresses to private IP whitelist + lineinfile: + dest: /etc/nginx/snippets/private_ipaddr_whitelist + line: "allow {{ item }};" + state: present + with_items: "{{ nginx_private_ipaddr_whitelist_present }}" + notify: reload nginx + tags: + - nginx + +- name: remove IP addresses from private IP whitelist + lineinfile: + dest: /etc/nginx/snippets/private_ipaddr_whitelist + line: "allow {{ item }};" + state: absent + with_items: "{{ nginx_private_ipaddr_whitelist_absent }}" + notify: reload nginx + tags: + - nginx + +- name: Copy private_htpasswd + copy: + src: nginx/snippets/private_htpasswd + dest: /etc/nginx/snippets/private_htpasswd + owner: www-data + group: www-data + directory_mode: 
"0640" + mode: "0640" + force: no + notify: reload nginx + tags: + - nginx + +- name: add user:pwd to private htpasswd + lineinfile: + dest: /etc/nginx/snippets/private_htpasswd + line: "{{ item }}" + state: present + with_items: "{{ nginx_private_htpasswd_present }}" + notify: reload nginx + tags: + - nginx + +- name: remove user:pwd from private htpasswd + lineinfile: + dest: /etc/nginx/snippets/private_htpasswd + line: "{{ item }}" + state: absent + with_items: "{{ nginx_private_htpasswd_absent }}" + notify: reload nginx + tags: + - nginx + +- name: nginx vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/nginx/sites-available/evolinux-default.conf + mode: "0640" + notify: reload nginx + tags: + - nginx + +- name: default vhost is enabled + file: + src: /etc/nginx/sites-available/evolinux-default.conf + dest: /etc/nginx/sites-enabled/default.conf + state: link + force: yes + notify: reload nginx + when: nginx_evolinux_default_enabled + tags: + - nginx + +# - block: +# - name: generate random string for phpmyadmin suffix +# command: "apg -a 1 -M N -n 1" +# changed_when: False +# register: random_phpmyadmin_suffix +# +# - name: overwrite nginx_phpmyadmin_suffix +# set_fact: +# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}" +# when: nginx_phpmyadmin_suffix == "" +# +# - name: replace phpmyadmin suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__PHPMYADMIN_SUFFIX__' +# replace: "{{ nginx_phpmyadmin_suffix }}" +# +# - block: +# - name: generate random string for serverstatus suffix +# command: "apg -a 1 -M N -n 1" +# changed_when: False +# register: random_serverstatus_suffix +# +# - name: overwrite nginx_serverstatus_suffix +# set_fact: +# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}" +# when: nginx_serverstatus_suffix == "" +# +# - name: replace server-status suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__SERVERSTATUS_SUFFIX__' +# 
replace: "{{ nginx_serverstatus_suffix }}" + +- name: Verify that the service is enabled and started + service: + name: nginx + enabled: yes + state: started + tags: + - nginx + +- name: Check if Munin is installed + stat: + path: /etc/munin/plugin-conf.d/munin-node + check_mode: no + register: stat_munin_node + tags: + - nginx + - munin + +- include: munin_vhost.yml + when: stat_munin_node.stat.exists + tags: + - nginx + - munin + +- include: munin_graphs.yml + when: stat_munin_node.stat.exists + tags: + - nginx + - munin + +- include: logrotate.yml diff --git a/nginx-light/templates/default.j2 b/nginx/templates/evolinux-default.minimal.conf.j2 similarity index 100% rename from nginx-light/templates/default.j2 rename to nginx/templates/evolinux-default.minimal.conf.j2
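Review bot: The `Copy private_htpasswd` task makes the credentials file owned by `www-data` with mode `0640`, so the nginx worker user can rewrite the file it is authenticated against; the TODO earlier in this hunk already marks these permissions as unverified. `owner: root` with `group: www-data` and `mode: "0640"` keeps it readable by the workers without being writable by them. The two `lineinfile` tasks that add and remove `user:pwd` entries loop over the raw entries, which Ansible prints per item, so `no_log: true` on both would keep them out of run output. The content appears to be carried over unchanged from the old main.yml (same blob id in the index lines), so this predates the commit.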