include all changes from sdm

README.md

@@ -54,10 +54,17 @@ Variables
     * The SSL CA certificate for the service.
   * default: ""
 
-* www_serverhostname: 
+* www_ssl_selfsigned:
+  * description:
+    * This option specifies if selfsigned SSL certificates are used.
+    * If it is `true` the selfsigned SSL certificates are generated.
+  * choices: [false, true]
+  * default: false
+
+* www_servername: 
   * description:
     * The default name of der www hostname.
-  * default: "nextcloud.local"
+  * default: "{{ inventory_hostname }}"
 
 * www_ssl_cert_dest_path: 
   * description:
@@ -84,6 +91,12 @@ Variables
     * The standard log-file directory
   * default: "/var/log/nginx/" 
 
+* www_php_enable
+  * description:
+    * If this option is `true`, the PHP FPM will be installed.
+  * choices: [false, true]
+  * default: true 
+
 Processes
 =========
 
@@ -91,11 +104,13 @@ main
 ----
 1. create www group
 2. create www user
+3. install PHP if www_php_enable is `true`
 
 configure
 ---------
 1. create and configure www directory
-2. configure SSL if www_ssl_priv_key and www_ssl_cert are set
+2. configure PHP if www_php_enable is `true`
+3. configure SSL if www_ssl_priv_key and www_ssl_cert or www_ssl_selfsigned are set
    
 License
 =======

defaults/main.yml

@@ -6,6 +6,8 @@ www_group: "www"
 www_ssl_priv_key: ""
 www_ssl_cert: ""
 www_ssl_ca_cert: ""
+www_ssl_selfsign: false
+www_servername: "{{ inventory_hostname }}"
 www_mimetypes: []
 www_list_directory: false
 www_index_files: ["index.html"]
@@ -13,4 +15,5 @@ www_port: 80
 www_ssl_port: 443 
 www_hsts: "no"
 www_max_upload_size: "512M"
-www_log_files: "/var/log/nginx/"
+www_log_files: "/var/log"
+www_php_enable: true

molecule/default/converge.yml

@@ -3,9 +3,7 @@
   hosts: all
   vars:
     system_config_directory: "/etc"
-    www_ssl_priv_key: "/tmp/ssl_priv_key.pem"
-    www_ssl_cert: "/tmp/ssl_pub_key.pem"
-
+    www_ssl_selfsign: true
   tasks:
     - name: "test install package.www"
       sdm.oor.call_role:

molecule/default/molecule.yml

@@ -10,7 +10,7 @@ platforms:
   - name: debian 
     registry: 
        url: gitlab.mn.tu-dresden.de:8000
-    image: sdmgroup/containers/debian10:latest
+    image: sdmgroup/containers/debian11:latest
     command: /lib/systemd/systemd
     pre_build_image: false
   

tasks/_selfsignedcerts.yml

+---
+
+- name: "generate path for SSL private key"
+  sdm.oor.set_role_fact:
+    www_ssl_priv_key: "{{ '/tmp/ssl_priv_key_%s.pem' | format(inventory_hostname) }}"
+
+- name: "generate path for SSL certificate key"
+  sdm.oor.set_role_fact:
+    _www_ssl_csr: "{{ '/tmp/ssl_pub_key_%s.csr' | format(inventory_hostname) }}"
+
+- name: "generate path for SSL certificate key"
+  sdm.oor.set_role_fact:
+    www_ssl_cert: "{{ '/tmp/ssl_pub_key_%s.pem' | format(inventory_hostname) }}"
+
+- block: 
+  - name: "create SSL private key"
+    community.crypto.openssl_privatekey:
+      path: "{{ www_ssl_priv_key }}" 
+
+  - name: "create certificate signing request (CSR) for self-signed certificate"
+    community.crypto.openssl_csr:
+      path: "{{ _www_ssl_csr }}"
+      privatekey_path: "{{ www_ssl_priv_key }}"
+      common_name: "{{ www_servername }}"
+      organization_name: "SDM Framework"
+
+  - name: "create self-signed certificate from CSR"
+    community.crypto.x509_certificate:
+      path: "{{ www_ssl_cert }}" 
+      csr_path: "{{ _www_ssl_csr }}"
+      privatekey_path: "{{ www_ssl_priv_key }}"
+      provider: selfsigned
+  delegate_to: localhost

tasks/configure.yml

@@ -8,8 +8,22 @@
     group: "{{ www_group }}"
     mode: 0755
 
+- name: "configure PHP"
+  sdm.oor.call_role:
+    name: "package.lang.php.fpm"
+    tasks: "configure"
+  vars:
+    php_default_user: "{{ www_user }}"
+    php_default_group: "{{ www_group }}"
+  when: www_php_enable 
+
 - name: "configure SSL"  
   block:
+    - name: "create selfsigned certificate"
+      sdm.oor.call_tasks:
+        from: "_selfsignedcerts"
+      when: www_ssl_selfsigned is true
+
     - name: "get stat of SSL private directory"
       ansible.builtin.stat:
         path: "{{ '%s/ssl/private' | format(system_config_directory) }}"
@@ -44,11 +58,12 @@
         owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
         group: "{{ _stat_sslcertsdir.stat.gr_name }}"
       when: (www_ssl_ca_cert | length) > 0
-  when: (www_ssl_priv_key | length) > 0 and  (www_ssl_cert | length) > 0
+  when: ((www_ssl_priv_key | length) > 0 and  (www_ssl_cert | length) > 0) or 
+        www_ssl_selfsigned is true
   notify:
     - "reload services"
   
 - name: "execute inherited configure"
   sdm.oor.call_tasks:
      from: configure
-     super: True
+     super: true

tasks/main.yml

@@ -18,3 +18,12 @@
     group: "{{ www_group }}"
     home: "{{ www_root_directory }}"
     shell: "/usr/sbin/nologin"
+
+- name: "install PHP"
+  sdm.oor.call_role:
+    name: "package.lang.php.fpm"
+    tasks: "main"
+  vars:
+    php_default_user: "{{ www_user }}"
+    php_default_group: "{{ www_group }}"
+  when: www_php_enable is true