From db109326d889273bc094527613b8d8e8210d0bf6 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 27 May 2021 19:41:22 +0200
Subject: [PATCH] Support the nginx.org PPA and its modules.

---
 defaults/main.yml      |  8 ++++++++
 tasks/nginx-config.yml | 38 ++++++++++++++++++++++++++++++++++++++
 tasks/nginx-deb.yml    | 38 +++++++++++++++++++++++++++++++++++---
 vars/main.yml          |  2 --
 4 files changed, 81 insertions(+), 5 deletions(-)
 delete mode 100644 vars/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index d3c6b3b..16d9897 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,7 +2,15 @@
 nginx_enabled: True
 nginx_use_ppa: False
 nginx_ppa_repo: ppa:nginx/stable
+nginx_use_nginx_com_repo: False
+nginx_com_repo_key: 'https://nginx.org/keys/nginx_signing.key'
+nginx_com_repo: 'deb http://nginx.org/packages/ubuntu/ bionic nginx'
 nginx_package_state: present
+
+nginx_com_modules: []
+#  - pkg_name: nginx-module-njs
+#    mod_name: ngx_http_js_module.so
+#    enabled: yes
 # See https://mozilla.github.io/server-side-tls/ssl-config-generator/
 nginx_ssl_level: intermediate
 
diff --git a/tasks/nginx-config.yml b/tasks/nginx-config.yml
index 47025be..ba0a9de 100644
--- a/tasks/nginx-config.yml
+++ b/tasks/nginx-config.yml
@@ -22,6 +22,44 @@
       with_items: '{{ nginx_conf_snippets }}'
       notify: Reload nginx
 
+    - name: Create the modules- directories
+      file:
+        dest: '/etc/nginx/modules-{{ item }}'
+        state: directory
+      loop:
+        - available
+        - enabled
+
+    - name: Install the modules configurations
+      copy:
+        content: "load_module modules/{{ item.mod_name }};"
+        dest: /etc/nginx/modules-available/{{ item.pkg_name }}.conf
+      loop: '{{ nginx_com_modules }}'
+      when:
+        - item.enabled
+        - nginx_use_nginx_com_repo
+
+    - name: Enable the additional modules
+      file:
+        src: /etc/nginx/modules-available/{{ item.pkg_name }}.conf
+        dest: /etc/nginx/modules-enabled/{{ item.pkg_name }}.conf
+        state: link
+      when: item.enabled
+      loop: '{{ nginx_com_modules }}'
+
+    - name: Disable the additional modules that we do not want installed
+      file:
+        dest: /etc/nginx/modules-enabled/{{ item.pkg_name }}.conf
+        state: absent
+      when: not item.enabled
+      loop: '{{ nginx_com_modules }}'
+
+    - name: Remove the default configuration when using the nginx.com repository
+      file:
+        dest: /etc/nginx/conf.d/default.conf
+        state: absent
+      when: nginx_use_nginx_com_repo
+
     - name: Install the main nginx.conf
       template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=444
       notify: Reload nginx
diff --git a/tasks/nginx-deb.yml b/tasks/nginx-deb.yml
index 5ddc9b7..bf05a2b 100644
--- a/tasks/nginx-deb.yml
+++ b/tasks/nginx-deb.yml
@@ -4,9 +4,28 @@
     apt_repository: repo='{{ nginx_ppa_repo }}' update_cache=yes
     when:
       - nginx_use_ppa
-      - "'{{ ansible_distribution }}' == 'Ubuntu'"
+      - ansible_distribution == 'Ubuntu'
     tags: [ 'nginx', 'nginx_ppa' ]
 
+  - name: Install the key of the nginx.com repository
+    apt_key:
+      url: '{{ nginx_com_repo_key }}'
+      state: present
+    when:
+      - nginx_use_nginx_com_repo
+      - ansible_distribution == 'Ubuntu'
+    tags: [ 'nginx', 'nginx_com_ppa' ]
+
+  - name: Install the nginx.com repository configuration
+    apt_repository:
+      repo: '{{ nginx_com_repo }}'
+      update_cache: yes
+      filename: nginx_com
+    when:
+      - nginx_use_nginx_com_repo
+      - ansible_distribution == 'Ubuntu'
+    tags: [ 'nginx', 'nginx_com_ppa' ]
+
   - name: Install the nginx web server
     apt: pkg=nginx-full state={{ nginx_package_state }} cache_valid_time=1800
     when:
@@ -20,8 +39,21 @@
       - ansible_distribution_major_version <= '14'
 
   - name: Install the nginx web server on Ubuntu >= 16.04
-    apt: pkg=nginx state={{ nginx_package_state }} cache_valid_time=1800
+    apt:
+      pkg: nginx
+      state: present
+      cache_valid_time: 1800
     when: ansible_distribution_major_version >= '16'
 
+  - name: Install the nginx.com additional modules
+    apt:
+      pkg: '{{ item.pkg_name }}'
+      state: present
+      cache_valid_time: 1800
+    loop: '{{ nginx_com_modules }}'
+    when:
+      - nginx_use_nginx_com_repo
+      - ansible_distribution_major_version >= '16'
+
   when: ansible_distribution_file_variety == "Debian"
-  tags: nginx
\ No newline at end of file
+  tags: [ nginx ]
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
deleted file mode 100644
index 3808477..0000000
--- a/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for ansible-role-template
\ No newline at end of file