---

- hosts: all
  become: true
  vars:
    # common
    ca_certificates:
      testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

    # web_server
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}"
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}"

    # Common parameters (general, not role).
    tls_certificate_dir: tests/data/x509/
    tls_private_key_dir: tests/data/x509/

  roles:
    - role: php_website
      fqdn: parameters-mandatory

    - role: php_website
      additional_fpm_config:
        "env[PATH]": "\"/usr/local/bin:/usr/bin:/bin\""
        "security.limit_extensions": ".php .myphp"
      additional_nginx_config:
        - comment: Custom missing page.
          value: error_page 404 /404.myphp;
      admin_uid: 5000
      deny_files_regex:
        - '^/secretfile.txt'
      enforce_https: false
      environment_indicator:
        background_colour: "#ff0000"
        text_colour: "#00ff00"
        text: "parameters-optional"
      fqdn: parameters-optional.local
      index: myindex.php
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
      php_file_regex: "\\.myphp$"
      php_rewrite_urls:
        - ^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last
        - ^/rewrite2/(.*)$ /rewrite.myphp?url=$1 last
      rewrites:
        - '^/rewrite_to_index1/(.*) /myindex.php last'
        - '^/rewrite_to_index2/(.*) /myindex.php last'
      packages:
        - "{% if ansible_distribution_release == 'jessie' %}php5-ldap{% elif ansible_distribution_release == 'stretch' %}php-ldap{% endif %}"
        - "{% if ansible_distribution_release == 'jessie' %}php5-json{% elif ansible_distribution_release == 'stretch' %}php-json{% endif %}"
        - "{% if ansible_distribution_release == 'jessie' %}libmariadb-client-lgpl-dev-compat\
{% elif ansible_distribution_release == 'stretch' %}libmariadbclient-dev-compat{% endif %}"
      uid: 5001
      website_mail_recipients: user

- hosts: all
  become: true
  tasks:
    # parameters-mandatory application
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-mandatory/htdocs
        state: directory
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: 0750

    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/mandatory/{{ item }}"
        dest: "/var/www/parameters-mandatory/htdocs/{{ item }}"
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: 0640
      with_items:
        - index.php
        - index.php3

    # parameters-optional application
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-optional.local/htdocs
        state: directory
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: 0750

    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/optional/{{ item }}"
        dest: "/var/www/parameters-optional.local/htdocs/{{ item }}"
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: 0640
      with_items:
        - myindex.php
        - myindex.myphp
        - path.myphp
        - secretfile.txt
        - info.myphp
        - 404.myphp
        - rewrite.myphp