.ansible-lint

@@ -0,0 +1,4 @@
+---
+
+enable_list:
+  - fqcn-builtins

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  yaml-lint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Fetch code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint-action@v6.15.0

.github/workflows/galaxy.yml

@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.0
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}

.github/workflows/molecule.yml

@@ -0,0 +1,43 @@
+---
+
+name: Molecule
+
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - debian-10
+          - debian-11
+          - debian-12
+          - ubuntu-22.04
+        allowed-to-fail:
+          - false
+        include:
+          - scenario: ubuntu-20.04
+            allowed-to-fail: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: "${{ github.repository }}"
+
+      - name: Molecule
+        uses: gofrolist/molecule-action@v2.3.19
+        with:
+          molecule_options: --base-config molecule/_shared/base.yml
+          molecule_args: --scenario-name ${{ matrix.scenario }}
+          molecule_working_dir: "HanXHX/ansible-nginx"
+        continue-on-error: ${{ matrix.allowed-to-fail }}
+
+      - name: Fake command
+        run: echo "End of job"

.gitignore

@@ -2,3 +2,5 @@
 *.swp
 *.retry
 *.pyc
+/tests/hanxhx.php
+/.idea

.yamllint.yml

@@ -0,0 +1,6 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable

README.md

@@ -1,7 +1,7 @@
 Nginx for Debian/FreeBSD Ansible role
 =====================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-nginx)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) ![GitHub Workflow Status (master branch)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-nginx/molecule.yml?branch=master)
 
 Install and configure Nginx on Debian/FreeBSD.
 
@@ -20,17 +20,23 @@ Features:
 
 Supported OS:
 
-| OS                 | Working | Stable (active support) |
-| ------------------ | ------- | ----------------------- |
-| Debian Jessie (8)  | Yes     | Yes                     |
-| Debian Stretch (9) | Yes     | Yes                     |
-| FreeBSD 11         | Yes     | No                      |
-| FreeBSD 12         | Yes     | No                      |
+| OS                   | Working | Stable (active support)                                                                              |
+|----------------------|---------|------------------------------------------------------------------------------------------------------|
+| Debian Jessie (8)    | Yes     | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
+| Debian Stretch (9)   | Yes     | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) | 
+| Debian Buster (10)   | Yes     | Yes                                                                                                  |
+| Debian Bullseye (11) | Yes     | Yes                                                                                                  |
+| Debian Bookworm (12) | Yes     | Not yet :)                                                                                           |
+| FreeBSD 11           | NA      | No                                                                                                   |
+| FreeBSD 12           | NA      | No                                                                                                   |
+| Ubuntu 20.04         | Yes     | Yes                                                                                                  |
+| Ubuntu 22.04         | Yes     | Yes                                                                                                  |
 
 Requirements
 ------------
 
-None. If you set true to `nginx_backports`, you must install backports repository before lauching this role.
+- Ansible >=2.11
+- If you set true to `nginx_backports`, you must install backports repository before lauching this role.
 
 Role Variables
 --------------
@@ -54,6 +60,7 @@ FreeBSD:
 - `nginx_error_log_level`: default log level
 - `nginx_auto_config_httpv2`: boolean, auto configure HTTP2 where possible
 - `nginx_fastcgi_fix_realpath`: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
+- `nginx_default_hsts`: string, default header sent for HSTS
 
 ### Nginx Configuration
 
@@ -62,13 +69,14 @@ FreeBSD:
 - `nginx_pid`: daemon pid file
 - `nginx_events_*`: all variables in events block
 - `nginx_http_*`: all variables in http block
+- `nginx_custom_core`: instructions list (for core, will put data in `/etc/nginx/nginx.conf`)
 - `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`)
 - `nginx_module_packages`: package list module to install (Debian)
 - `nginx_load_modules`: module list to load (full path), should be used only on FreeBSD
 
 ### Misc
 
-- `nginx_debug_role`: set _true_ if you need to see output of no\_log tasks 
+- `nginx_debug_role`: set _true_ if you need to see output of no\_log tasks
 
 About modules
 -------------
@@ -95,14 +103,34 @@ Fine configuration
 Note
 ----
 
-- Active support for Debian.
-- FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).
-- I don't manage BackupPC for FreeBSD (PR welcome).
+- Active support for Debian/Ubuntu.
+- FreeBSD support is experimental. I only test (for the moment) 10.2 (but it can work on other versions).
 
 Dependencies
 ------------
 
-None
+See: [requirements.yml](requirements.yml).
+
+
+If you need to dev this role locally on Vagrant
+------------------------------------------------
+
+Before use vagrant, run once:
+
+```commandline
+ansible-galaxy install -p ./tests/ HanXHX.php,master
+```
+
+If you need to dev this role locally with molecule
+--------------------------------------------------
+
+Check available scenarios in [molecule](molecule) directory.
+
+With `debian-12` scenario:
+
+```commandline
+molecule -v -c molecule/_shared/base.yml verify -s debian-12
+```
 
 Example Playbook
 ----------------

Vagrantfile

@@ -6,24 +6,18 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-jessie", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}] }},
-    { :name => "debian-jessie-backports", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }},
-    { :name => "debian-jessie-dotdeb", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }},
-    { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.0"}] }},
-    { :name => "debian-stretch-sury", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }}
+    { :name => "debian-buster", :box => "debian/buster64", :vars => {} },
+    { :name => "debian-bullseye", :box => "debian/bullseye64", :vars => {} }
   ]
 
   vms_freebsd = [
-    { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE",  :vars => {} },
-    { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
+    { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.3-STABLE", :vars => {} },
+    { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.1-STABLE", :vars => {} }
   ]
 
   conts = [
-    { :name => "docker-debian-jessie", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php" => [{"version" => "5.6"}] }},
-    { :name => "docker-debian-jessie-backports", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }},
-    { :name => "docker-debian-jessie-dotdeb", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }},
-    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.0"}] }},
-    { :name => "docker-debian-stretch-sury", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }}
+    { :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
+    { :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
   ]
 
   config.vm.network "private_network", type: "dhcp"
@@ -36,11 +30,16 @@ Vagrant.configure("2") do |config|
         d.remains_running = true
         d.has_ssh = true
       end
+
+      if opts[:name].include? "bullseye"
+        m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
+      end
+
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
         ansible.become = true
-        ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true })
+        ansible.extra_vars = opts[:vars].merge({ "nginx_debug_role": true, is_docker: true })
       end
     end
   end
@@ -52,6 +51,11 @@ Vagrant.configure("2") do |config|
         v.cpus = 1
         v.memory = 256
       end
+
+      if opts[:name].include? "bullseye"
+        m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
+      end
+
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
@@ -70,7 +74,7 @@ Vagrant.configure("2") do |config|
         v.cpus = 2
         v.memory = 512
       end
-      m.vm.provision "shell", inline: "pkg install -y python bash"
+      m.vm.provision "shell", inline: "[ -e /usr/local/bin/bash ] || pkg install -y python bash"
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'

defaults/main.yml

@@ -14,18 +14,19 @@ nginx_log_dir: '/var/log/nginx'
 nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
 nginx_resolver_valid: '300s'
 nginx_resolver_timeout: '5s'
-nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
+nginx_error_log_level: 'warn'   # http://nginx.org/en/docs/ngx_core_module.html#error_log
 nginx_auto_config_httpv2: true
 nginx_default_site: null
 nginx_default_site_ssl: null
 nginx_fastcgi_fix_realpath: true
+nginx_default_hsts: 'max-age=63072000; includeSubDomains'
 
 #
 # Nginx directories
 #
 nginx_htpasswd_dir: '{{ nginx_etc_dir }}/htpasswd'
 nginx_ssl_dir: '{{ nginx_etc_dir }}/ssl'
-nginx_helper_dir: '{{ nginx_etc_dir}}/helper'
+nginx_helper_dir: '{{ nginx_etc_dir }}/helper'
 
 #
 # Load upstream
@@ -83,6 +84,19 @@ nginx_http_gzip_disable: '"msie6"'
 # Custom global configuration
 #
 nginx_custom_http: []
+nginx_custom_core: []
+
+#
+# Nginx default
+#
+nginx_default_listen:
+  - '80'
+  - '[::]:80'
+nginx_default_listen_ssl:
+  - '443'
+  - '[::]:443'
+nginx_default_listen_proxy_protocol: []
+nginx_default_listen_proxy_protocol_ssl: []
 
 #
 # Sites