Merge pull request #248 from jon4hz/master

feat: support suse

.ansible-lint

@@ -0,0 +1,3 @@
+skip_list:
+  - 'yaml'
+  - 'role-name'

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+---
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "0 6 * * 3"
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.nginx'
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.nginx'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - rockylinux9
+          - ubuntu2204
+          - debian12
+          - opensuseleap15
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.nginx'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule molecule-plugins[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.distro }}

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+---
+# This workflow requires a GALAXY_API_KEY secret present in the GitHub
+# repository or organization.
+#
+# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
+# See: https://github.com/ansible/galaxy/issues/46
+
+name: Release
+'on':
+  push:
+    tags:
+      - '*'
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.nginx'
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.nginx'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible.
+        run: pip3 install ansible-core
+
+      - name: Trigger a new import on Galaxy.
+        run: >-
+          ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
+          $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+---
+name: Close inactive issues
+'on':
+  schedule:
+    - cron: "55 18 * * 6"  # semi-random time
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 120
+          days-before-close: 60
+          exempt-issue-labels: bug,pinned,security,planned
+          exempt-pr-labels: bug,pinned,security,planned
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: |
+            This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-issue-message: |
+            This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          stale-pr-message: |
+            This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-pr-message: |
+            This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,3 +1,7 @@
 *.retry
 */__pycache__
 *.pyc
+.cache
+
+venv/
+.vscode/

.travis.yml

@@ -1,29 +0,0 @@
----
-language: python
-services: docker
-
-env:
-  global:
-    - ROLE_NAME: nginx
-  matrix:
-    - MOLECULE_DISTRO: centos7
-    - MOLECULE_DISTRO: ubuntu1804
-    - MOLECULE_DISTRO: ubuntu1604
-    - MOLECULE_DISTRO: debian9
-
-install:
-  # Install test dependencies.
-  - pip install molecule docker
-
-before_script:
-  # Use actual Ansible Galaxy role name for the project directory.
-  - cd ../
-  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
-  - cd geerlingguy.$ROLE_NAME
-
-script:
-  # Run tests.
-  - molecule test
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -1,6 +1,10 @@
 ---
 extends: default
+
 rules:
   line-length:
     max: 120
     level: warning
+
+ignore: |
+  .github/workflows/stale.yml

README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Nginx
 
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
+[![CI](https://github.com/geerlingguy/ansible-role-nginx/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-nginx/actions?query=workflow%3ACI)
 
 **Note:** Please consider using the official [NGINX Ansible role](https://github.com/nginxinc/ansible-role-nginx) from NGINX, Inc.
 
@@ -16,6 +16,11 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
+
+    nginx_listen_ipv6: true
+
+Whether or not to listen on IPv6 (applied to all vhosts managed by this role).
+
     nginx_vhosts: []
 
 A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry will create a separate config file named by `server_name`. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
@@ -77,7 +82,7 @@ The user under which Nginx will run. Defaults to `nginx` for RedHat, `www-data`
 `nginx_worker_processes` should be set to the number of cores present on your machine (if the default is incorrect, find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately.
 
     nginx_error_log: "/var/log/nginx/error.log warn"
-    nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
+    nginx_access_log: "/var/log/nginx/access.log main buffer=16k flush=2m"
 
 Configuration of the default error and access logs. Set to `off` to disable a log entirely.
 
@@ -150,6 +155,10 @@ Configures Nginx's [`log_format`](http://nginx.org/en/docs/http/ngx_http_log_mod
 
 (For RedHat/CentOS only) Set this to `false` to disable the installation of the `nginx` yum repository. This could be necessary if you want the default OS stable packages, or if you use Satellite.
 
+    nginx_zypper_repo_enabled: true
+
+(For Suse only) Set this to `false` to disable the installation of the `nginx` zypper repository. This could be necessary if you want the default OS stable packages, or if you use Suse Manager.
+
     nginx_service_state: started
     nginx_service_enabled: yes
 

defaults/main.yml

@@ -5,6 +5,9 @@ nginx_default_release: ""
 # Used only for Redhat installation, enables source Nginx repo.
 nginx_yum_repo_enabled: true
 
+# Used only for Suse installation, enables source Nginx repo.
+nginx_zypper_repo_enabled: true
+
 # Use the official Nginx PPA for Ubuntu, and the version to use if so.
 nginx_ppa_use: false
 nginx_ppa_version: stable
@@ -30,8 +33,8 @@ nginx_sendfile: "on"
 nginx_tcp_nopush: "on"
 nginx_tcp_nodelay: "on"
 
-nginx_keepalive_timeout: "65"
-nginx_keepalive_requests: "100"
+nginx_keepalive_timeout: "75"
+nginx_keepalive_requests: "600"
 
 nginx_server_tokens: "on"
 
@@ -57,6 +60,10 @@ nginx_extra_http_options: ""
 #      proxy_set_header   Host $http_host;
 
 nginx_remove_default_vhost: false
+
+# Listen on IPv6 (default: true)
+nginx_listen_ipv6: true
+
 nginx_vhosts: []
 # Example vhost below, showing all available options:
 # - listen: "80" # default: "80"
@@ -78,11 +85,10 @@ nginx_upstreams: []
 # - name: myapp1
 #   strategy: "ip_hash" # "least_conn", etc.
 #   keepalive: 16 # optional
-#   servers: {
-#     "srv1.example.com",
-#     "srv2.example.com weight=3",
-#     "srv3.example.com"
-#   }
+#   servers:
+#     - "srv1.example.com"
+#     - "srv2.example.com weight=3"
+#     - "srv3.example.com"
 
 nginx_log_format: |-
   '$remote_addr - $remote_user [$time_local] "$request" '

handlers/main.yml

@@ -8,3 +8,4 @@
 
 - name: reload nginx
   service: name=nginx state=reloaded
+  when: nginx_service_state == "started"

meta/main.yml

@@ -2,16 +2,13 @@
 dependencies: []
 
 galaxy_info:
+  role_name: nginx
   author: geerlingguy
   description: Nginx installation for Linux, FreeBSD and OpenBSD.
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 2.4
+  min_ansible_version: 2.10
   platforms:
-    - name: EL
-      versions:
-        - 6
-        - 7
     - name: Debian
       versions:
         - all
@@ -19,6 +16,7 @@ galaxy_info:
       versions:
         - trusty
         - xenial
+        - focal
     - name: Archlinux
       versions:
         - all

molecule/default/molecule.yml

@@ -1,29 +1,21 @@
 ---
+role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
-lint:
-  name: yamllint
-  options:
-    config-file: molecule/default/yaml-lint.yml
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:
   name: ansible
-  lint:
-    name: ansible-lint
   playbooks:
-    converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
-scenario:
-  name: default
-verifier:
-  name: testinfra
-  lint:
-    name: flake8
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}

tasks/main.yml

@@ -10,7 +10,7 @@
 
 # Setup/install tasks.
 - include_tasks: setup-RedHat.yml
-  when: ansible_os_family == 'RedHat'
+  when: ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky' or ansible_os_family == 'AlmaLinux'
 
 - include_tasks: setup-Ubuntu.yml
   when: ansible_distribution == 'Ubuntu'
@@ -27,6 +27,9 @@
 - include_tasks: setup-Archlinux.yml
   when: ansible_os_family == 'Archlinux'
 
+- include_tasks: setup-Suse.yml
+  when: ansible_os_family == 'Suse'
+
 # Vhost configuration.
 - import_tasks: vhosts.yml
 

tasks/setup-FreeBSD.yml

@@ -1,6 +1,8 @@
 ---
 - name: Update pkg cache.
   command: pkg update -f
+  environment:
+    ASSUME_ALWAYS_YES: "yes"
   tags: ['skip_ansible_lint']
 
 - name: Ensure nginx is installed.
@@ -12,3 +14,4 @@
   file:
     path: /var/log/nginx
     state: directory
+    mode: 0755

tasks/setup-OpenBSD.yml

@@ -8,3 +8,4 @@
   file:
     path: /var/log/nginx
     state: directory
+    mode: 0755

tasks/setup-Suse.yml

@@ -0,0 +1,14 @@
+---
+- name: Enable nginx repo.
+  zypper_repository:
+    name: nginx
+    repo: http://nginx.org/packages/sles/{{ ansible_distribution_major_version }}
+    state: present
+    disable_gpg_check: true
+    autorefresh: true
+  when: nginx_zypper_repo_enabled | bool
+
+- name: Ensure nginx is installed.
+  package:
+    name: "{{ nginx_package_name }}"
+    state: present

tasks/setup-Ubuntu.yml

@@ -1,5 +1,10 @@
 ---
-- name: Add PPA for Nginx.
+- name: Ensure dirmngr is installed (gnupg dependency).
+  apt:
+    name: dirmngr
+    state: present
+
+- name: Add PPA for Nginx (if configured).
   apt_repository:
     repo: 'ppa:nginx/{{ nginx_ppa_version }}'
     state: present
@@ -9,7 +14,7 @@
 
 - name: Ensure nginx will reinstall if the PPA was just added.
   apt:
-    name: nginx
+    name: "{{ nginx_package_name }}"
     state: absent
-  when: nginx_ppa_added.changed
+  when: nginx_ppa_added is changed
   tags: ['skip_ansible_lint']

tasks/vhosts.yml

@@ -10,6 +10,7 @@
   file:
     path: "{{ nginx_vhost_path }}"
     state: directory
+    mode: 0755
   notify: reload nginx
 
 - name: Add managed vhost config files.

templates/vhost.j2

@@ -2,6 +2,9 @@
 {% if item.server_name_redirect is defined %}
 server {
     listen       {{ item.listen | default('80') }};
+{% if nginx_listen_ipv6 %}
+    listen       [::]:{{item.listen | default('80') }};
+{% endif %}
     server_name  {{ item.server_name_redirect }};
     return       301 $scheme://{{ item.server_name.split(' ')[0] }}$request_uri;
 }
@@ -13,6 +16,9 @@ server {
 
     {% block server_basic -%}
     listen {{ item.listen | default('80') }};
+{% if nginx_listen_ipv6 %}
+    listen       [::]:{{item.listen | default('80') }};
+{% endif %}
 
 {% if item.server_name is defined %}
     server_name {{ item.server_name }};

vars/AlmaLinux.yml

@@ -0,0 +1,9 @@
+---
+root_group: root
+nginx_conf_path: /etc/nginx/conf.d
+nginx_conf_file_path: /etc/nginx/nginx.conf
+nginx_mime_file_path: /etc/nginx/mime.types
+nginx_pidfile: /var/run/nginx.pid
+nginx_vhost_path: /etc/nginx/conf.d
+nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
+__nginx_user: "nginx"

vars/Rocky.yml

@@ -0,0 +1,9 @@
+---
+root_group: root
+nginx_conf_path: /etc/nginx/conf.d
+nginx_conf_file_path: /etc/nginx/nginx.conf
+nginx_mime_file_path: /etc/nginx/mime.types
+nginx_pidfile: /var/run/nginx.pid
+nginx_vhost_path: /etc/nginx/conf.d
+nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
+__nginx_user: "nginx"

vars/Suse.yml

@@ -0,0 +1,9 @@
+---
+root_group: root
+nginx_conf_path: /etc/nginx/conf.d
+nginx_conf_file_path: /etc/nginx/nginx.conf
+nginx_mime_file_path: /etc/nginx/mime.types
+nginx_pidfile: /var/run/nginx.pid
+nginx_vhost_path: /etc/nginx/conf.d
+nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
+__nginx_user: "nginx"