From 494ed77f8b9dfbfeabfdcf73cb7080a3b54aedcd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Tue, 9 Jun 2020 14:44:21 +0200
Subject: [PATCH] Manage some logrotate options.

---
 defaults/main.yml         | 10 +++++++---
 tasks/main.yml            |  1 +
 tasks/nginx-config.yml    |  4 ++--
 tasks/nginx-logrotate.yml | 25 +++++++++++++++++++++++++
 4 files changed, 35 insertions(+), 5 deletions(-)
 create mode 100644 tasks/nginx-logrotate.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index cf21aa9..c866df1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -79,14 +79,13 @@ nginx_pam_svc_name: nginx
 nginx_ldap_uri: "ldap://ldap.example.org"
 nginx_ldap_base_dn: "dc=example,dc=org"
 nginx_basic_auth: False
-nginx_basic_auth_users:
-  - { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' }
+nginx_basic_auth_users: []
+#  - { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' }
 # nginx_ldap_login_attribute: uid
 # nginx_ldap_pam_groupdn:
 nginx_webroot: /usr/share/nginx/html
 nginx_letsencrypt_managed: True
 nginx_websockets_support: False
-nginx_use_common_virthost: False
 # Set it to 'ssl http2' if the nginx version supports it
 nginx_ssl_type: ssl
 # When we do not use letsencrypt:
@@ -94,6 +93,11 @@ nginx_ssl_type: ssl
 # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
 nginx_block_dotfiles: True
 
+# k,M,G
+nginx_logrotate_maxfilesize: "1G"
+nginx_logrotate_retention: "52"
+
+nginx_use_common_virthost: False
 # Virtualhost example
 # nginx_virthosts:
 #   - virthost_name: '{{ ansible_fqdn }}'
diff --git a/tasks/main.yml b/tasks/main.yml
index b0ed614..6f1e42d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,7 @@
 - import_tasks: nginx-config.yml
 - import_tasks: nginx-virtualhosts.yml
   when: nginx_use_common_virthost | bool
+- import_tasks: nginx-logrotate.yml
 - import_tasks: nginx-letsencrypt.yml
   when: letsencrypt_acme_install is defined and letsencrypt_acme_install
 - import_tasks: basic-auth.yml
diff --git a/tasks/nginx-config.yml b/tasks/nginx-config.yml
index 1f3b45e..47025be 100644
--- a/tasks/nginx-config.yml
+++ b/tasks/nginx-config.yml
@@ -31,7 +31,7 @@
       with_items: '{{ nginx_old_snippets }}'
       notify: Reload nginx
 
-  when: nginx_enabled | bool
+  when: nginx_enabled
   tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]
 
 - block:
@@ -40,6 +40,6 @@
       notify: Reload nginx
   
   when:
-    - nginx_enabled | bool
+    - nginx_enabled
     - ansible_distribution_file_variety == "Debian"
   tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]
diff --git a/tasks/nginx-logrotate.yml b/tasks/nginx-logrotate.yml
new file mode 100644
index 0000000..655cf5a
--- /dev/null
+++ b/tasks/nginx-logrotate.yml
@@ -0,0 +1,25 @@
+---
+- block:
+  - name: Manage the log rotate size
+    lineinfile:
+        path: /etc/logrotate.d/nginx
+        insertbefore: "notifempty"
+        unsafe_writes: no
+        create: no
+        state: present
+        firstmatch: yes
+        regexp: "maxsize.*$"
+        line: "        maxsize {{ nginx_logrotate_maxfilesize }}"
+
+  - name: Manage the log rotate size
+    lineinfile:
+        path: /etc/logrotate.d/nginx
+        insertbefore: "notifempty"
+        unsafe_writes: no
+        create: no
+        state: present
+        firstmatch: yes
+        regexp: "rotate.*$"
+        line: "        rotate {{ nginx_logrotate_retention }}"
+
+  tags: [ 'nginx', 'nginx_conf', 'nginx_logrotate' ]