Update ansible playbook

ansible_load_balancer/roles/ansible-role-nginx/meta/main.yml

@@ -1,6 +1,7 @@
 ---
 galaxy_info:
   author: "DAUPHANT Julien"
+  description: Ansible role to install Nginx.
   license: BSD
   min_ansible_version: 2.4
   platforms:

ansible_load_balancer/roles/ansible-role-nginx/tasks/amplify.yml

@@ -27,15 +27,19 @@
         path: "{{ nginx_amplify_script_path }}"
         state: absent
 
-  when: amplify_agent_installed.failed == true
+  when: amplify_agent_installed.failed|bool
   tags: [configuration, packages]
 
 - name: Update Amplify Agent if already installed and update flag is enabled
   package:
     name: nginx-amplify-agent
     state: latest
-  when: amplify_agent_installed.failed == false and nginx_amplify_update_agent == true
-  tags: [packages]
+  when:
+    - not amplify_agent_installed.failed|bool
+    - nginx_amplify_update_agent|bool
+  tags:
+    - packages
+    - skip_ansible_lint  # latest package version
 
 - name: Verify Amplify agent is up and running
   service:

ansible_load_balancer/roles/ansible-role-nginx/tasks/configuration.yml

@@ -1,4 +1,20 @@
 ---
+
+- name: Check if nginx mime.types file exists
+  stat:
+    path: "{{ nginx_conf_dir }}/mime.types"
+  register: nginx_mime_types_file
+  notify:
+    - reload nginx
+
+- name: Ensure mime.types file exists if it was missing
+  get_url:
+    url: https://raw.githubusercontent.com/nginx/nginx/master/conf/mime.types
+    dest: "{{ nginx_conf_dir }}/mime.types"
+  when: not nginx_mime_types_file.stat.exists|bool
+  notify:
+    - reload nginx
+
 - name: Copy the nginx configuration file
   template:
     src: nginx.conf.j2
@@ -36,7 +52,7 @@
 
 - name: Create the configurations for independent config file
   template:
-    src: config.conf.j2
+    src: "{{ item.value.template | default('config.conf.j2') }}"
     dest: "{{ nginx_conf_dir }}/conf.d/{{ item.key }}.conf"
   with_dict: "{{ nginx_configs }}"
   notify:
@@ -59,7 +75,10 @@
     - reload nginx
   when: nginx_stream_params or nginx_stream_configs
 
-- name: Create configuration files in modules-available (only for nginx official repo or custom modules, Centos/RHEL/Debian/Ubuntu EPEL/APT repo packages have these config files already)
+- name: |
+    Create configuration files in modules-available (only for nginx official
+    repo or custom modules, Centos/RHEL/Debian/Ubuntu EPEL/APT repo packages
+    have these config files already)
   template:
     src: module.conf.j2
     dest: "{{ nginx_conf_dir }}/modules-available/{{ item }}.conf"
@@ -122,4 +141,3 @@
   ignore_errors: "{{ ansible_check_mode }}"
   notify:
     - reload nginx
-

ansible_load_balancer/roles/ansible-role-nginx/tasks/ensure-dirs.yml

@@ -1,11 +1,11 @@
 ---
 - name: Create the directories for site specific configurations
   file:
-    path: "{{nginx_conf_dir}}/{{ item }}"
+    path: "{{ nginx_conf_dir }}/{{ item }}"
     state: directory
     owner: "{{ nginx_conf_user }}"
     group: "{{ nginx_conf_group }}"
-    mode: "{{nginx_dir_perm}}"
+    mode: "{{ nginx_dir_perm }}"
   with_items:
     - "sites-available"
     - "sites-enabled"
@@ -20,6 +20,6 @@
   file:
     path: "{{ nginx_log_dir }}"
     state: directory
-    owner: "{{nginx_log_user}}"
-    group: "{{nginx_log_group}}"
-    mode: "{{nginx_log_perm}}"
+    owner: "{{ nginx_log_user }}"
+    group: "{{ nginx_log_group }}"
+    mode: "{{ nginx_log_perm }}"

ansible_load_balancer/roles/ansible-role-nginx/tasks/main.yml

@@ -1,7 +1,9 @@
 ---
 
-- include_vars: "{{ item }}"
+- name: include OS dependent vars
+  include_vars: "{{ item }}"
   with_first_found:
+    - "../vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}" 
     - "../vars/{{ ansible_os_family }}.yml"
     - "../vars/empty.yml"
   when: nginx_load_default_vars
@@ -12,7 +14,7 @@
   tags: [packages, selinux, nginx]
 
 - include_tasks: nginx-official-repo.yml
-  when: nginx_official_repo == True
+  when: nginx_official_repo|bool
   tags: [packages, nginx]
 
 - include_tasks: installation.packages.yml
@@ -37,14 +39,14 @@
   tags: [configuration, nginx]
 
 - include_tasks: cloudflare_configuration.yml
-  when: nginx_set_real_ip_from_cloudflare == True
+  when: nginx_set_real_ip_from_cloudflare|bool
   tags: [configuration, nginx]
 
 - include_tasks: amplify.yml
-  when: nginx_amplify == true and (ansible_distribution in ['RedHat', 'CentOS', 'Debian', 'Amazon', 'Ubuntu'])
+  when: nginx_amplify|bool and (ansible_distribution in ['RedHat', 'CentOS', 'Debian', 'Amazon', 'Ubuntu'])
   tags: [amplify, nginx]
 
 - name: Start the nginx service
-  service: name={{ nginx_service_name }} state={{nginx_start_service | ternary('started', 'stopped')}} enabled={{nginx_start_at_boot}}
+  service: name={{ nginx_service_name }} state={{ nginx_start_service | ternary('started', 'stopped') }} enabled={{ nginx_start_at_boot }}
   when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on"
   tags: [service, nginx]

ansible_load_balancer/roles/ansible-role-nginx/tasks/remove-defaults.yml

@@ -1,14 +1,14 @@
 ---
 - name: Disable the default site
   file:
-    path: "{{nginx_conf_dir}}/sites-enabled/default"
+    path: "{{ nginx_conf_dir }}/sites-enabled/default"
     state: absent
   notify:
     - reload nginx
 
 - name: Disable the default site (on newer nginx versions)
   file:
-    path: "{{nginx_conf_dir}}/sites-enabled/default.conf"
+    path: "{{ nginx_conf_dir }}/sites-enabled/default.conf"
     state: absent
   notify:
     - reload nginx
@@ -17,7 +17,7 @@
 
 - name: Remove the default configuration
   file:
-    path: "{{nginx_conf_dir}}/conf.d/default.conf"
+    path: "{{ nginx_conf_dir }}/conf.d/default.conf"
     state: absent
   when: >
     'default' not in nginx_configs.keys()

ansible_load_balancer/roles/ansible-role-nginx/tasks/remove-extras.yml

@@ -1,12 +1,12 @@
 ---
 - name: Find enabled sites
-  shell: ls -1 {{nginx_conf_dir}}/sites-enabled || true
+  shell: ls -1 {{ nginx_conf_dir }}/sites-enabled || true
   register: enabled_sites
   changed_when: False
 
 - name: Disable unmanaged sites
   file:
-    path: "{{nginx_conf_dir}}/sites-enabled/{{ item }}"
+    path: "{{ nginx_conf_dir }}/sites-enabled/{{ item }}"
     state: absent
   with_items: "{{ enabled_sites.stdout_lines | default([]) }}"
   # 'item.conf' => 'item'
@@ -15,13 +15,13 @@
     - reload nginx
 
 - name: Find config files
-  shell: find {{nginx_conf_dir}}/conf.d -maxdepth 1 -type f -name '*.conf' -exec basename {} \;
+  shell: find {{ nginx_conf_dir }}/conf.d -maxdepth 1 -type f -name '*.conf' -exec basename {} \;
   register: config_files
   changed_when: False
 
 - name: Remove unmanaged config files
   file:
-    name: "{{nginx_conf_dir}}/conf.d/{{ item }}"
+    name: "{{ nginx_conf_dir }}/conf.d/{{ item }}"
     state: absent
   with_items: "{{ config_files.stdout_lines | default([]) }}"
   # 'item.conf' => 'item'

ansible_load_balancer/roles/ansible-role-nginx/tasks/remove-unwanted.yml

@@ -1,7 +1,7 @@
 ---
 - name: Remove unwanted sites
   file:
-    path: "{{nginx_conf_dir}}/{{ item[0] }}/{{ item[1] }}.conf"
+    path: "{{ nginx_conf_dir }}/{{ item[0] }}/{{ item[1] }}.conf"
     state: absent
   with_nested:
     - ['sites-enabled', 'sites-available']
@@ -11,7 +11,7 @@
 
 - name: Remove unwanted conf
   file:
-    path: "{{nginx_conf_dir}}/conf.d/{{ item }}.conf"
+    path: "{{ nginx_conf_dir }}/conf.d/{{ item }}.conf"
     state: absent
   with_items: "{{ nginx_remove_configs }}"
   notify:
@@ -27,7 +27,7 @@
 
 - name: Remove unwanted auth_basic_files
   file:
-    path: "{{nginx_conf_dir}}/auth_basic/{{ item }}"
+    path: "{{ nginx_conf_dir }}/auth_basic/{{ item }}"
     state: absent
   with_items: "{{ nginx_remove_auth_basic_files }}"
   notify:

ansible_load_balancer/roles/ansible-role-nginx/tasks/selinux.yml

@@ -1,13 +1,7 @@
 ---
-- name: Permanently set SElinux to allow nginx to set rlimit
-  shell: setsebool -P httpd_can_network_connect 1
+- name: Install the selinux python module
+  package: name={{ nginx_python_selinux_pkgs | default(omit) }} state=present
+  when: ansible_os_family == "RedHat" or ansible_os_family == "Debian"
 
-# I had to change this to an imperative command. The original ansible module just doesn't get the job done:
-
-#---
-#- name: Install the selinux python module
-#  package: name={{ nginx_python_selinux_pkgs | default(omit)}} state=present
-#  when: ansible_os_family == "RedHat" or ansible_os_family == "Debian"
-#
-#- name: Set SELinux boolean to allow nginx to set rlimit
-#  seboolean: name=httpd_setrlimit state=yes persistent=yes
+- name: Set SELinux boolean to allow nginx to set rlimit
+  seboolean: name=httpd_setrlimit state=yes persistent=yes

ansible_load_balancer/roles/ansible-role-nginx/vars/Debian-12.yml

@@ -0,0 +1,8 @@
+---
+nginx_user: www-data
+
+nginx_python_selinux_pkgs:
+  - python3-selinux
+  - python3-semanage
+
+nginx_modules_location: /usr/lib/nginx/modules

ansible_load_balancer/roles/ansible-role-nginx/vars/RedHat.yml

@@ -1,7 +1,7 @@
 ---
 nginx_python_selinux_pkgs:
-  - libselinux-python
-  - libsemanage-python
+  - python3-libselinux
+  - python3-libsemanage
 
 nginx_modules_location: /usr/lib64/nginx/modules