4 files changed, 32 insertions, 2 deletions

diff --git a/roles/web/files/nginx b/roles/web/files/nginx
new file mode 100644
index 0000000..da8ba47
--- /dev/null
+++ b/roles/web/files/nginx
@@ -0,0 +1,12 @@
+/var/log/nginx/*log {
+	missingok
+	notifempty
+	create 640 http root
+	daily
+	rotate 14
+	sharedscripts
+	compress
+	postrotate
+		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+	endscript
+}
diff --git a/roles/web/tasks/logrotate.yml b/roles/web/tasks/logrotate.yml
new file mode 100644
index 0000000..9171b40
--- /dev/null
+++ b/roles/web/tasks/logrotate.yml
@@ -0,0 +1,11 @@
+- name: Install logrotate
+  ansible.builtin.package:
+    name:
+      - logrotate
+    state: present
+
+- name: Enable logrotate timer
+  ansible.builtin.service:
+    name: logrotate.timer
+    enabled: yes
+    state: started
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 8fa22b1..5b94d1b 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -1 +1,2 @@
+- ansible.builtin.import_tasks: roles/web/tasks/logrotate.yml
 - ansible.builtin.import_tasks: roles/web/tasks/nginx.yml
diff --git a/roles/web/tasks/nginx.yml b/roles/web/tasks/nginx.yml
index 6348b24..108bb61 100644
--- a/roles/web/tasks/nginx.yml
+++ b/roles/web/tasks/nginx.yml
@@ -27,8 +27,14 @@
     dest: /etc/nginx/nginx.conf
     owner: root
     group: root
-    mode: u+rw,g+,o+r
+    mode: u+rw,g+r,o+r
   notify:
     - Reload nginx
 
-# TODO: logrotate
+- name: Configure nginx logrotate
+  ansible.builtin.copy:
+    src: roles/web/files/nginx
+    dest: /etc/logrotate.d/nginx
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r