---

- name: Converge
  hosts: all
  become: true
  vars:
    # common
    ca_certificates:
      testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"

    # web_server
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/php-website_https.cert.pem') }}"
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/server/php-website_https.key.pem') }}"

  roles:
    - role: php_website
      fqdn: parameters-mandatory
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.cert.pem') }}"
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.key.pem') }}"

    - role: php_website
      additional_fpm_config:
        "env[PATH]": "\"/usr/local/bin:/usr/bin:/bin\""
        "security.limit_extensions": ".php .myphp"
      additional_nginx_config:
        - comment: Custom missing page.
          value: error_page 404 /404.myphp;
      admin_uid: 5000
      deny_files_regex:
        - '^/secretfile.txt'
      environment_indicator:
        background_colour: "#ff0000"
        text_colour: "#00ff00"
        text: "parameters-optional"
      fqdn: parameters-optional.local
      index: myindex.php
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.cert.pem') }}"
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.key.pem') }}"
      php_file_regex: "\\.myphp$"
      php_rewrite_urls:
        - ^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last
        - ^/rewrite2/(.*)$ /rewrite.myphp?url=$1 last
      http_header_overrides:
        Accept-Encoding: 'donotencode'
      rewrites:
        - '^/rewrite_to_index1/(.*) /myindex.php last'
        - '^/rewrite_to_index2/(.*) /myindex.php last'
      packages:
        - "php-ldap"
        - "php-json"
      uid: 5001
      website_mail_recipients: user

- name: Converge, application
  hosts: all
  become: true
  tasks:
    # parameters-mandatory application
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-mandatory/htdocs
        state: directory
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: "0750"

    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/mandatory/{{ item }}"
        dest: "/var/www/parameters-mandatory/htdocs/{{ item }}"
        owner: admin-parameters-mandatory
        group: web-parameters-mandatory
        mode: "0640"
      with_items:
        - index.php
        - index.php3

    # parameters-optional application
    - name: Set-up directory where PHP files are hosted at
      file:
        path: /var/www/parameters-optional.local/htdocs
        state: directory
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: "0750"

    - name: Deploy a couple of PHP pages for testing purposes
      copy:
        src: "tests/data/php/optional/{{ item }}"
        dest: "/var/www/parameters-optional.local/htdocs/{{ item }}"
        owner: admin-parameters-optional_local
        group: web-parameters-optional_local
        mode: "0640"
      with_items:
        - myindex.php
        - myindex.myphp
        - path.myphp
        - secretfile.txt
        - info.myphp
        - 404.myphp
        - rewrite.myphp
        - headers.myphp