From 074a92bc1571cf5f1d039cea2348d8b134aa1f75 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Thu, 21 Dec 2023 16:37:22 +0000
Subject: Enable logrotate for nginx logs

---
 hosts.ini                     |  2 +-
 roles/web/files/nginx         | 12 ++++++++++++
 roles/web/tasks/logrotate.yml | 11 +++++++++++
 roles/web/tasks/main.yml      |  1 +
 roles/web/tasks/nginx.yml     | 10 ++++++++--
 setup.yml                     |  5 +++++
 6 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 roles/web/files/nginx
 create mode 100644 roles/web/tasks/logrotate.yml

diff --git a/hosts.ini b/hosts.ini
index a29fd2f..c9a67c1 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -1,2 +1,2 @@
-[test]
+[web]
 arch.ilvokhin.com
diff --git a/roles/web/files/nginx b/roles/web/files/nginx
new file mode 100644
index 0000000..da8ba47
--- /dev/null
+++ b/roles/web/files/nginx
@@ -0,0 +1,12 @@
+/var/log/nginx/*log {
+	missingok
+	notifempty
+	create 640 http root
+	daily
+	rotate 14
+	sharedscripts
+	compress
+	postrotate
+		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+	endscript
+}
diff --git a/roles/web/tasks/logrotate.yml b/roles/web/tasks/logrotate.yml
new file mode 100644
index 0000000..9171b40
--- /dev/null
+++ b/roles/web/tasks/logrotate.yml
@@ -0,0 +1,11 @@
+- name: Install logrotate
+  ansible.builtin.package:
+    name:
+      - logrotate
+    state: present
+
+- name: Enable logrotate timer
+  ansible.builtin.service:
+    name: logrotate.timer
+    enabled: yes
+    state: started
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 8fa22b1..5b94d1b 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -1 +1,2 @@
+- ansible.builtin.import_tasks: roles/web/tasks/logrotate.yml
 - ansible.builtin.import_tasks: roles/web/tasks/nginx.yml
diff --git a/roles/web/tasks/nginx.yml b/roles/web/tasks/nginx.yml
index 6348b24..108bb61 100644
--- a/roles/web/tasks/nginx.yml
+++ b/roles/web/tasks/nginx.yml
@@ -27,8 +27,14 @@
     dest: /etc/nginx/nginx.conf
     owner: root
     group: root
-    mode: u+rw,g+,o+r
+    mode: u+rw,g+r,o+r
   notify:
     - Reload nginx
 
-# TODO: logrotate
+- name: Configure nginx logrotate
+  ansible.builtin.copy:
+    src: roles/web/files/nginx
+    dest: /etc/logrotate.d/nginx
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
diff --git a/setup.yml b/setup.yml
index 05d9385..afbccfb 100644
--- a/setup.yml
+++ b/setup.yml
@@ -2,3 +2,8 @@
   hosts: all
   roles:
     - { role: essential }
+
+- name: Basic setup for all hosts
+  hosts: web
+  roles:
+    - { role: web }
-- 
cgit v1.2.3-70-g09d2