- "TLSv1.2"

web_server_tls_ciphers: "\

DHE-RSA-AES128-GCM-SHA256:\

DHE-RSA-AES256-GCM-SHA384:\

DHE-RSA-CHACHA20-POLY1305:\

ECDHE-RSA-AES128-GCM-SHA256:\

ECDHE-RSA-AES256-GCM-SHA384:\

ECDHE-RSA-CHACHA20-POLY1305:\

!aNULL:!MD5:!EXPORT"

# Internal parameters

php_fpm_service_name_per_release:

  bookworm: "php8.2-fpm"

php_base_config_dir_per_release:

  bookworm: "/etc/php/8.2"

php_fpm_package_name: "php-fpm"

php_fpm_service_name: "{{ php_fpm_service_name_per_release[ansible_distribution_release] }}"

php_base_config_dir: "{{ php_base_config_dir_per_release[ansible_distribution_release] }}"

  - name: client

    box: debian/bookworm64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.11

        network_name: private_network

        type: static

  - name: parameters-mandatory-bookworm

    groups:

      - parameters-mandatory

      - bookworm

    box: debian/bookworm64

    memory: 512

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.21

    - name: Generate server private keys and certificates

      command:

      args:

        chdir: "tests/data/"

        creates: ".gimmecert/server/{{ item.name }}.cert.pem"

        argv:

          - "gimmecert"

          - "server"

          - "{{ item.name }}"

          - "{{ item.fqdn }}"

      with_items:

        - name: parameters-mandatory-bookworm_https

          fqdn: parameters-mandatory-bookworm

        - name: parameters-optional-bookworm_https

          fqdn: parameters-optional-bookworm

    - name: Set-up link to generated X.509 material

      file:

        src: ".gimmecert"

        dest: "tests/data/x509"

        state: link

- name: Prepare

    - name: Set-up the hosts file

      lineinfile:

        path: /etc/hosts

        regexp: "^{{ item.key }}"

        line: "{{ item.key }} {{ item.value }}"

        owner: root

        group: root

        mode: 0644

        state: present

      with_dict:

        192.168.56.11: "client"

        192.168.56.21: "parameters-mandatory-bookworm"

        192.168.56.22: "parameters-optional-bookworm"

    - name: Install curl for testing redirects and webpage content

      apt:

        name: curl

        state: present

- hosts: client

  become: true

  tasks:

import pytest

@pytest.fixture

def php_info(host):

    """

    Helper fixture used to define what the expected PHP-FPM package

    name, PHP-FPM service name, and PHP base configuration directory

    is based on Debian release.

    Currently supports:

    Resulting information can be accessed through returned named tuple

    with the following properties:

    - fpm_package (name of the PHP-FPM package)

    - fpm_service (name of the PHP-FPM system service)

    - base_config_dir (base configuration directory for PHP)

    """

    PHPInfo = namedtuple('PHPInfo', 'fpm_package fpm_service base_config_dir')

    ansible_facts = host.ansible("setup")["ansible_facts"]

    ansible_distribution_release = ansible_facts['ansible_distribution_release']

        info = PHPInfo(fpm_package='php-fpm', fpm_service='php8.2-fpm', base_config_dir='/etc/php/8.2')

    else:

        raise Exception('The php_info pytest fixture does not support Debian release: %s' % ansible_distribution_release)

    return info