From dc135471a36b6c58d2b5863f055a27ab7e0ba329 Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Tue, 18 Feb 2025 04:02:47 +0100
Subject: [PATCH] nginx(role): use better naming, wording and file structure

---
 roles/nginx/handlers/main.yaml                |  2 +-
 roles/nginx/tasks/main.yaml                   | 21 +++---
 .../tasks/main/01_validate_config_names.yaml  |  7 ++
 ...inx_install.yaml => 02_nginx_install.yaml} |  8 +--
 ...nfig_deploy.yaml => 03_config_deploy.yaml} | 68 +++++++++----------
 ...e_nginx_configuration_names_are_valid.yaml |  7 --
 6 files changed, 55 insertions(+), 58 deletions(-)
 create mode 100644 roles/nginx/tasks/main/01_validate_config_names.yaml
 rename roles/nginx/tasks/main/{nginx_install.yaml => 02_nginx_install.yaml} (81%)
 rename roles/nginx/tasks/main/{config_deploy.yaml => 03_config_deploy.yaml} (62%)
 delete mode 100644 roles/nginx/tasks/make_sure_nginx_configuration_names_are_valid.yaml

diff --git a/roles/nginx/handlers/main.yaml b/roles/nginx/handlers/main.yaml
index 57e07fc..0a366e9 100644
--- a/roles/nginx/handlers/main.yaml
+++ b/roles/nginx/handlers/main.yaml
@@ -1,4 +1,4 @@
-- name: Restart `nginx.service`
+- name: Restart nginx
   ansible.builtin.systemd:
     name: nginx.service
     state: restarted
diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml
index 89c9be2..412940d 100644
--- a/roles/nginx/tasks/main.yaml
+++ b/roles/nginx/tasks/main.yaml
@@ -1,14 +1,11 @@
-- name: make sure nginx configuration names are valid
-  ansible.builtin.include_role:
-    name: nginx
-    tasks_from: make_sure_nginx_configuration_names_are_valid
+- name: Ensure valid configuration names
+  ansible.builtin.import_tasks:
+    file: main/01_validate_config_names.yaml
 
-- name: ensure NGINX is installed
-  ansible.builtin.include_role:
-    name: nginx
-    tasks_from: main/nginx_install
+- name: Ensure nginx is installed
+  ansible.builtin.import_tasks:
+    file: main/02_nginx_install
 
-- name: make sure desirable NGINX configs are deployed
-  ansible.builtin.include_role:
-    name: nginx
-    tasks_from: main/config_deploy
+- name: Ensure configuration deployment
+  ansible.builtin.import_tasks:
+    file: main/03_config_deploy
diff --git a/roles/nginx/tasks/main/01_validate_config_names.yaml b/roles/nginx/tasks/main/01_validate_config_names.yaml
new file mode 100644
index 0000000..7991b89
--- /dev/null
+++ b/roles/nginx/tasks/main/01_validate_config_names.yaml
@@ -0,0 +1,7 @@
+- name: Ensure that the given configuration names are valid
+  ansible.builtin.fail:
+    msg: "You used one of the reserved configuration names: '{{ item.name }}'."
+  when: item.name == "tls"
+        or item.name == "redirect"
+        or item.name == "logging"
+  loop: "{{ nginx__configurations }}"
diff --git a/roles/nginx/tasks/main/nginx_install.yaml b/roles/nginx/tasks/main/02_nginx_install.yaml
similarity index 81%
rename from roles/nginx/tasks/main/nginx_install.yaml
rename to roles/nginx/tasks/main/02_nginx_install.yaml
index a877c67..9ceb323 100644
--- a/roles/nginx/tasks/main/nginx_install.yaml
+++ b/roles/nginx/tasks/main/02_nginx_install.yaml
@@ -4,7 +4,7 @@
     state: present
   become: true
 
-- name: make sure NGINX signing key is added
+- name: Ensure NGINX signing key is added
   ansible.builtin.get_url:
     url: https://nginx.org/keys/nginx_signing.key
     dest: /etc/apt/trusted.gpg.d/nginx.asc
@@ -13,19 +13,19 @@
     group: root
   become: true
 
-- name: make sure NGINX APT repository is added
+- name: Ensure NGINX APT repository is added
   ansible.builtin.apt_repository:
     repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
     state: present
   become: true
 
-- name: make sure NGINX APT source repository is added
+- name: Ensure NGINX APT source repository is added
   ansible.builtin.apt_repository:
     repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
     state: present
   become: true
 
-- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
+- name: Ensure repository pinning to make sure nginx package gets installed from NGINX repositories is set up
   ansible.builtin.copy:
     content: |
       Package: *
diff --git a/roles/nginx/tasks/main/config_deploy.yaml b/roles/nginx/tasks/main/03_config_deploy.yaml
similarity index 62%
rename from roles/nginx/tasks/main/config_deploy.yaml
rename to roles/nginx/tasks/main/03_config_deploy.yaml
index 01580b1..2f0c834 100644
--- a/roles/nginx/tasks/main/config_deploy.yaml
+++ b/roles/nginx/tasks/main/03_config_deploy.yaml
@@ -1,13 +1,13 @@
-- name: check, if a save of a previous `nginx.conf` is present
+- name: Check, if a save of a previous `nginx.conf` is present
   ansible.builtin.stat:
     path: /etc/nginx/nginx.conf.ansiblesave
-  register: nginx__nginx_conf_ansiblesave_stat_result
+  register: nginx__nginx_conf_ansiblesave_stat
 
-- name: handle the case, where a custom `nginx.conf` is to be used
+- name: Handle the case, where a custom `nginx.conf` is to be used
   when: nginx__use_custom_nginx_conf
   block:
-    - name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
-      when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
+    - name: When no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
+      when: not nginx__nginx_conf_ansiblesave_stat.stat.exists
       ansible.builtin.copy:
         force: true
         dest: /etc/nginx/nginx.conf.ansiblesave
@@ -18,7 +18,7 @@
         src: /etc/nginx/nginx.conf
       become: true
 
-    - name: deploy the custom `nginx.conf`
+    - name: Ensure the custom `nginx.conf` is deployed
       ansible.builtin.copy:
         content: "{{ nginx__custom_nginx_conf }}"
         dest: "/etc/nginx/nginx.conf"
@@ -26,13 +26,13 @@
         owner: root
         group: root
       become: true
-      notify: Restart `nginx.service`
+      notify: Restart nginx
 
-- name: handle the case, where no custom `nginx.conf` is to be used
+- name: Handle the case, where no custom `nginx.conf` is to be used
   when: not nginx__use_custom_nginx_conf
   block:
-    - name: when a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
-      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
+    - name: When a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
+      when: nginx__nginx_conf_ansiblesave_stat.stat.exists
       ansible.builtin.copy:
         force: true
         dest: /etc/nginx/nginx.conf
@@ -42,32 +42,32 @@
         remote_src: true
         src: /etc/nginx/nginx.conf.ansiblesave
       become: true
-      notify: Restart `nginx.service`
+      notify: Restart nginx
 
-    - name: delete the `nginx.conf.ansiblesave`, if it is present
-      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
+    - name: Ensure no `nginx.conf.ansiblesave` is present
+      when: nginx__nginx_conf_ansiblesave_stat.stat.exists
       ansible.builtin.file:
         path: /etc/nginx/nginx.conf.ansiblesave
         state: absent
       become: true
 
-- name: make sure mozilla dhparam is deployed
+- name: Ensure mozilla dhparam is deployed
   ansible.builtin.get_url:
     force: true
     dest: /etc/nginx-mozilla-dhparam
     mode: "0644"
     url: https://ssl-config.mozilla.org/ffdhe2048.txt
   become: true
-  notify: Restart `nginx.service`
+  notify: Restart nginx
 
-- name: set `nginx__config_files_to_exist` fact initially to an empty list
+- name: Set `nginx__config_files_to_exist` fact initially to an empty list
   ansible.builtin.set_fact:
     nginx__config_files_to_exist: [ ]
 
-- name: handle the case, where tls.conf should be deployed
+- name: Handle the case, where tls.conf should be deployed
   when: nginx__deploy_tls_conf
   block:
-    - name: make sure tls.conf is deployed
+    - name: Ensure tls.conf is deployed
       ansible.builtin.copy:
         force: true
         dest: /etc/nginx/conf.d/tls.conf
@@ -76,16 +76,16 @@
         group: root
         src: tls.conf
       become: true
-      notify: Restart `nginx.service`
+      notify: Restart nginx
 
-    - name: add tls.conf to nginx__config_files_to_exist
+    - name: Add tls.conf to nginx__config_files_to_exist
       ansible.builtin.set_fact:
         nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}"  # noqa: jinja[spacing]
 
-- name: handle the case, where redirect.conf should be deployed
+- name: Handle the case, where redirect.conf should be deployed
   when: nginx__deploy_redirect_conf
   block:
-    - name: make sure redirect.conf is deployed
+    - name: Ensure redirect.conf is deployed
       ansible.builtin.copy:
         force: true
         dest: /etc/nginx/conf.d/redirect.conf
@@ -94,16 +94,16 @@
         group: root
         src: redirect.conf
       become: true
-      notify: Restart `nginx.service`
+      notify: Restart nginx
 
-    - name: add redirect.conf to nginx__config_files_to_exist
+    - name: Add redirect.conf to nginx__config_files_to_exist
       ansible.builtin.set_fact:
         nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}"  # noqa: jinja[spacing]
 
-- name: handle the case, where logging.conf should be deployed
+- name: Handle the case, where logging.conf should be deployed
   when: nginx__deploy_logging_conf
   block:
-    - name: make sure logging.conf is deployed
+    - name: Ensure logging.conf is deployed
       ansible.builtin.copy:
         force: true
         dest: /etc/nginx/conf.d/logging.conf
@@ -112,13 +112,13 @@
         group: root
         src: logging.conf
       become: true
-      notify: Restart `nginx.service`
+      notify: Restart nginx
 
-    - name: add logging.conf to nginx__config_files_to_exist
+    - name: Add logging.conf to nginx__config_files_to_exist
       ansible.builtin.set_fact:
         nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}"  # noqa: jinja[spacing]
 
-- name: make sure all given configuration files are deployed
+- name: Ensure all given configuration files are deployed
   ansible.builtin.copy:
     content: "{{ item.content }}"
     dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
@@ -127,24 +127,24 @@
     group: root
   become: true
   loop: "{{ nginx__configurations }}"
-  notify: Restart `nginx.service`
+  notify: Restart nginx
 
-- name: add names plus suffix from `nginx__configurations` to `nginx__config_files_to_exist` fact
+- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
   ansible.builtin.set_fact:
     nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}"  # noqa: jinja[spacing]
   loop: "{{ nginx__configurations }}"
 
-- name: find configuration files to remove
+- name: Find configuration files to remove
   ansible.builtin.find:
     paths: /etc/nginx/conf.d/
     recurse: false
     excludes: "{{ nginx__config_files_to_exist }}"
   register: nginx__config_files_to_remove
 
-- name: remove all configuration file, which should be removed
+- name: Remove all configuration file, which should be removed
   ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
   become: true
   loop: "{{ nginx__config_files_to_remove.files }}"
-  notify: Restart `nginx.service`
+  notify: Restart nginx
diff --git a/roles/nginx/tasks/make_sure_nginx_configuration_names_are_valid.yaml b/roles/nginx/tasks/make_sure_nginx_configuration_names_are_valid.yaml
deleted file mode 100644
index 234b12c..0000000
--- a/roles/nginx/tasks/make_sure_nginx_configuration_names_are_valid.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: make sure nginx configuration names are valid
-  ansible.builtin.fail:
-    msg: "You used the following name: `{{ item.name }}`. Please make sure to not use the following names: `tls`, `redirect`."
-  when: item.name == "tls"
-        or item.name == "redirect"
-        or item.name == "logging"
-  loop: "{{ nginx__configurations }}"