install-source.yml
---
# Install the compiler toolchain and helper utilities used by the source
# builds. Skipped entirely unless nginx_install_source_build_tools is true;
# each task then selects itself by the os_family fact.
- name: Check for build tools
  when: nginx_install_source_build_tools | bool
  block:
    - name: (Alpine Linux) Install build tools
      when: ansible_facts['os_family'] == 'Alpine'
      community.general.apk:
        update_cache: true
        name:
          - alpine-sdk
          - build-base
          - git
          - openrc
          - perl
          - python3
          - linux-headers
          - tar
          - wget

    - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Set up build tools
      when: ansible_facts['os_family'] == 'RedHat'
      block:
        # The two Python tasks apply to major version 8 only.
        - name: (RHEL 8) Install Python 3
          when: ansible_facts['distribution_major_version'] is version('8', '==')
          ansible.builtin.yum:
            update_cache: true
            name:
              - python3
              - python3-pip
              - python3-devel

        # Points the /usr/bin/python alternative at /usr/bin/python3.
        - name: (RHEL 8) Set Python 3 as default
          when: ansible_facts['distribution_major_version'] is version('8', '==')
          community.general.alternatives:
            name: python
            link: /usr/bin/python
            path: /usr/bin/python3

        - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Install build tools
          ansible.builtin.yum:
            update_cache: true
            name:
              - ca-certificates
              - gcc
              - gcc-c++
              - gd
              - gd-devel
              - glibc
              - glibc-common
              - make
              - perl-core
              - tar
              - unzip
              - wget
              - zlib-devel

    - name: (Debian/Ubuntu) Install build tools
      when: ansible_facts['os_family'] == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        name:
          - build-essential
          - checkinstall
          - libtemplate-perl
          - python3-minimal
          - perl
          - tar
          - zlib1g-dev

    - name: (SLES) Install build tools
      when: ansible_facts['os_family'] == 'Suse'
      community.general.zypper:
        update_cache: true
        name:
          - awk
          - gcc
          - gzip
          - make
          - tar
          - zlib-devel
# Record whether each dependency's build directory is already present. The
# "from source" blocks later skip themselves when their directory exists.
# NOTE(review): existence is the only property checked, and these are
# predictable names under /tmp, which is normally world-writable. A directory
# created by any other local account is therefore accepted as a finished
# build and is later passed to the NGINX configure step. Prefer a build root
# owned by the build user, or also compare the owner that stat reports.
- name: Check for source installs
  block:
    - name: Check for PCRE install
      register: pcre_result
      ansible.builtin.stat:
        path: /tmp/pcre-{{ pcre_version }}

    - name: Check for ZLib install
      register: zlib_result
      ansible.builtin.stat:
        path: /tmp/zlib-{{ zlib_version }}

    - name: Check for OpenSSL install
      register: openssl_result
      ansible.builtin.stat:
        path: /tmp/openssl-{{ openssl_version }}
# Install the distribution's PCRE development package when PCRE is not built
# from source. pcre_release == 2 selects the PCRE2 package name, any other
# value the legacy PCRE one.
- name: Install PCRE dependecy from package
  when: not nginx_install_source_pcre | bool
  block:
    - name: (Alpine Linux) Install PCRE dependency from package
      when: ansible_facts['os_family'] == 'Alpine'
      community.general.apk:
        update_cache: true
        name: "{{ (pcre_release == 2) | ternary('pcre2-dev', 'pcre-dev') }}"

    - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Install PCRE dependency from package
      when: ansible_facts['os_family'] == 'RedHat'
      ansible.builtin.yum:
        update_cache: true
        name: "{{ (pcre_release == 2) | ternary('pcre2-devel', 'pcre-devel') }}"

    - name: (Debian/Ubuntu) Install PCRE dependency from package
      when: ansible_facts['os_family'] == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        name: "{{ (pcre_release == 2) | ternary('libpcre2-dev', 'libpcre3-dev') }}"

    - name: (SLES) Install PCRE dependency from package
      when: ansible_facts['os_family'] == 'Suse'
      community.general.zypper:
        update_cache: true
        name: "{{ (pcre_release == 2) | ternary('pcre2-devel', 'pcre-devel') }}"
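# Download, build and install PCRE/PCRE2 from the upstream tarball. Runs only
# when a source build is requested, the earlier stat check did not find the
# build directory, and the play is not in check mode.
- name: Install PCRE dependence from source
  when:
    - not pcre_result['stat']['exists'] | bool
    - nginx_install_source_pcre | bool
    - not ansible_check_mode | bool
  block:
    # NOTE(review): no `checksum` is passed to get_url, so the tarball is
    # accepted on the strength of TLS alone. Pinning a digest per version
    # would let the download fail if the published archive is replaced.
    - name: Download PCRE dependency
      ansible.builtin.get_url:
        url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
        dest: /tmp
        mode: "0600"
      register: pcre_source

    # Created with mode 0700 before unpacking, so the source tree is private
    # to the account that runs the build.
    - name: Ensure PCRE directory exists
      ansible.builtin.file:
        path: /tmp/pcre-{{ pcre_version }}
        state: directory
        mode: "0700"

    # remote_src: true is the current spelling of the deprecated copy: false
    # (the archive is already on the managed host).
    - name: Unpack PCRE dependency
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ pcre_source['dest'] }}"
        dest: /tmp/pcre-{{ pcre_version }}/
        mode: "0700"
        extra_opts:
          - "--strip-components=1"

    # `creates` names the Makefile that configure writes into the build
    # directory. The previous guard, /tmp/makefile, is a path configure never
    # produces: it did nothing for idempotence, and because it sat directly in
    # /tmp any local account could create it and cause this step to be skipped.
    - name: Configure PCRE dependency
      ansible.builtin.command:
        cmd: ./configure
        chdir: /tmp/pcre-{{ pcre_version }}
        creates: /tmp/pcre-{{ pcre_version }}/Makefile

    - name: Make PCRE dependency
      community.general.make:
        chdir: /tmp/pcre-{{ pcre_version }}

    - name: Install PCRE dependency
      community.general.make:
        chdir: /tmp/pcre-{{ pcre_version }}
        target: install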
# Install the distribution's zlib development package when zlib is not built
# from source; one task per supported OS family.
- name: Install ZLib dependency from package
  when: not nginx_install_source_zlib | bool
  block:
    - name: (Alpine Linux) Install ZLib dependency from package
      when: ansible_facts['os_family'] == 'Alpine'
      community.general.apk:
        update_cache: true
        name: zlib-dev

    - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Install ZLib dependency from package
      when: ansible_facts['os_family'] == 'RedHat'
      ansible.builtin.yum:
        update_cache: true
        name: zlib-devel

    - name: (Debian/Ubuntu) Install ZLib dependency from package
      when: ansible_facts['os_family'] == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        name: zlib1g-dev

    - name: (SLES) Install ZLib dependency from package
      when: ansible_facts['os_family'] == 'Suse'
      community.general.zypper:
        update_cache: true
        name: zlib-devel
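# Download, build and install zlib from the upstream release tarball. Runs
# only when a source build is requested, the earlier stat check did not find
# the build directory, and the play is not in check mode.
- name: Install ZLib dependency from source
  when:
    - not zlib_result['stat']['exists'] | bool
    - nginx_install_source_zlib | bool
    - not ansible_check_mode | bool
  block:
    # NOTE(review): no `checksum` is passed to get_url, so the tarball is
    # accepted on the strength of TLS alone. Pinning a digest per version
    # would let the download fail if the published archive is replaced.
    - name: Download ZLib dependency
      ansible.builtin.get_url:
        url: https://github.com/madler/zlib/releases/download/v{{ zlib_version }}/zlib-{{ zlib_version }}.tar.gz
        dest: /tmp
        mode: "0600"
      register: zlib_source

    # Created with mode 0700 before unpacking, so the source tree is private
    # to the account that runs the build.
    - name: Ensure ZLib directory exists
      ansible.builtin.file:
        path: /tmp/zlib-{{ zlib_version }}
        state: directory
        mode: "0700"

    # remote_src: true is the current spelling of the deprecated copy: false
    # (the archive is already on the managed host).
    - name: Unpack ZLib dependency
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ zlib_source['dest'] }}"
        dest: /tmp/zlib-{{ zlib_version }}
        mode: "0700"
        extra_opts:
          - "--strip-components=1"

    # The previous guard, /tmp/makefile, is a path configure never produces
    # and one that any local account could create to have this step skipped.
    # zlib.pc is used as the marker rather than Makefile because the zlib
    # tarball already ships a placeholder Makefile, while zlib.pc is written
    # by configure -- TODO confirm for the zlib versions this role supports.
    - name: Configure ZLib dependency
      ansible.builtin.command:
        cmd: ./configure
        chdir: /tmp/zlib-{{ zlib_version }}
        creates: /tmp/zlib-{{ zlib_version }}/zlib.pc

    - name: Make ZLib dependency
      community.general.make:
        chdir: /tmp/zlib-{{ zlib_version }}

    - name: Install ZLib dependency
      community.general.make:
        chdir: /tmp/zlib-{{ zlib_version }}
        target: install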
# Install the distribution's OpenSSL development package when OpenSSL is not
# built from source; one task per supported OS family.
- name: Install OpenSSL dependency from package
  when: not nginx_install_source_openssl | bool
  block:
    - name: (Alpine Linux) Install OpenSSL dependency from package
      when: ansible_facts['os_family'] == 'Alpine'
      community.general.apk:
        update_cache: true
        name: openssl-dev

    - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) Install OpenSSL dependency from package
      when: ansible_facts['os_family'] == 'RedHat'
      ansible.builtin.yum:
        update_cache: true
        name: openssl-devel

    - name: (Debian/Ubuntu) Install OpenSSL dependency from package
      when: ansible_facts['os_family'] == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        name: libssl-dev

    - name: (SLES) Install OpenSSL dependency from package
      when: ansible_facts['os_family'] == 'Suse'
      community.general.zypper:
        update_cache: true
        name: openssl-devel
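# Download, build and install OpenSSL from the upstream tag archive. Runs
# only when a source build is requested, the earlier stat check did not find
# the build directory, and the play is not in check mode.
- name: Install OpenSSL dependency from source
  when:
    - not openssl_result['stat']['exists'] | bool
    - nginx_install_source_openssl | bool
    - not ansible_check_mode | bool
  block:
    # NOTE(review): no `checksum` is passed to get_url, so the archive is
    # accepted on the strength of TLS alone. For the TLS library itself a
    # pinned digest per version is worth having.
    - name: Download OpenSSL dependency
      ansible.builtin.get_url:
        url: https://github.com/openssl/openssl/archive/refs/tags/openssl-{{ openssl_version }}.tar.gz
        dest: /tmp/{{ openssl_version }}.tar.gz
        mode: "0600"
      register: openssl_source

    # Created with mode 0700 before unpacking, so the source tree is private
    # to the account that runs the build.
    - name: Ensure OpenSSL directory exists
      ansible.builtin.file:
        path: /tmp/openssl-{{ openssl_version }}
        state: directory
        mode: "0700"

    # remote_src: true is the current spelling of the deprecated copy: false
    # (the archive is already on the managed host).
    - name: Unpack OpenSSL dependency
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ openssl_source['dest'] }}"
        dest: /tmp/openssl-{{ openssl_version }}
        mode: "0700"
        extra_opts:
          - "--strip-components=1"

    # `creates` names the Makefile that ./config generates in the build
    # directory. The previous guard, /tmp/makefile, is a path this step never
    # produces: it did nothing for idempotence, and because it sat directly in
    # /tmp any local account could create it and cause this step to be skipped.
    - name: Configure OpenSSL dependency
      ansible.builtin.command:
        cmd: ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
        chdir: /tmp/openssl-{{ openssl_version }}
        creates: /tmp/openssl-{{ openssl_version }}/Makefile

    - name: Make OpenSSL dependency
      community.general.make:
        chdir: /tmp/openssl-{{ openssl_version }}

    - name: Install OpenSSL dependency
      community.general.make:
        chdir: /tmp/openssl-{{ openssl_version }}
        target: install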
# When nginx_version is not set, ask version.nginx.com for the current release
# of nginx_branch and keep the first x.y.z string found in the response.
- name: Get latest NGINX version
  when: nginx_version is undefined
  block:
    # check_mode: false makes this lookup run even in check mode.
    - name: Fetch NGINX latest version
      check_mode: false
      register: nginx_latest_version
      ansible.builtin.uri:
        return_content: true
        url: https://version.nginx.com/nginx/{{ nginx_branch }}

    # NOTE(review): if the response holds no x.y.z match, nginx_version is set
    # to an empty result and the later download URL is built from it --
    # consider asserting that the value is non-empty.
    - name: Set NGINX version
      ansible.builtin.set_fact:
        nginx_version: "{{ (nginx_latest_version['content'] | regex_search('([0-9]+\\.){2}[0-9]+')) }}"
# Look for an existing nginx binary (following symlinks); the install block
# below is skipped when one is found.
- name: Check for NGINX install
  register: nginx_result
  ansible.builtin.stat:
    follow: true
    path: /usr/sbin/nginx
# Make sure the nginx group is present.
- name: Add NGINX group
  ansible.builtin.group:
    name: "nginx"
# Make sure the nginx account is present: member of the nginx group, home in
# /var/cache/nginx, and /sbin/nologin as its shell.
- name: Add NGINX user
  ansible.builtin.user:
    name: nginx
    comment: nginx user
    group: nginx
    shell: /sbin/nologin
    home: /var/cache/nginx
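# Download, configure, build and install NGINX from the nginx.org tarball.
# Runs only when /usr/sbin/nginx was not found by the earlier stat check and
# the play is not in check mode.
- name: Install NGINX
  when:
    - not nginx_result['stat']['exists'] | bool
    - not ansible_check_mode | bool
  block:
    # NOTE(review): no `checksum` is passed to get_url, so the tarball is
    # accepted on the strength of TLS alone. Pinning a digest per version
    # would let the download fail if the published archive is replaced.
    - name: Download NGINX
      ansible.builtin.get_url:
        url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
        dest: /tmp/nginx-{{ nginx_version }}.tar.gz
        mode: "0600"
      register: nginx_source

    # remote_src: true is the current spelling of the deprecated copy: false
    # (the archive is already on the managed host).
    # NOTE(review): unlike the dependency builds, no 0700 directory is created
    # first and the tree is unpacked straight into /tmp with mode 0755.
    - name: Unpack NGINX
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ nginx_source.dest }}"
        dest: /tmp
        mode: "0755"

    # Accumulates one " --with-<module>" argument per entry of
    # nginx_static_modules into a single string for the configure call.
    - name: Set static modules
      ansible.builtin.set_fact:
        nginx_install_source_static_modules: "{{ nginx_install_source_static_modules | default('') + ' --with-' + item }}"
      loop: "{{ nginx_static_modules }}"

    # The --with-pcre/--with-zlib/--with-openssl arguments are emitted only
    # for dependencies built from source and point at the sibling build
    # directories under /tmp.
    # `creates` names the Makefile that configure writes into the source
    # directory. The previous guard, /tmp/makefile, is a path configure never
    # produces: it did nothing for idempotence, and because it sat directly in
    # /tmp any local account could create it and cause this step to be skipped.
    - name: Configure NGINX
      ansible.builtin.command:
        cmd: >-
          ./configure
          --conf-path=/etc/nginx/nginx.conf
          --error-log-path=/var/log/nginx/error.log
          --http-log-path=/var/log/nginx/access.log
          --lock-path=/var/lock/nginx.lock
          --modules-path=/usr/lib/nginx/modules
          --prefix=/usr
          --pid-path=/var/run/nginx.pid
          --user=nginx
          --with-mail=dynamic
          --with-stream
          {{ nginx_install_source_pcre | ternary('--with-pcre=../pcre-' + pcre_version | string, '') }}
          {{ nginx_install_source_zlib | ternary('--with-zlib=../zlib-' + zlib_version | string, '') }}
          {{ nginx_install_source_openssl | ternary('--with-openssl=../openssl-' + openssl_version | string, '') }}
          {{ nginx_install_source_static_modules | default('') }}
        chdir: /tmp/nginx-{{ nginx_version }}
        creates: /tmp/nginx-{{ nginx_version }}/Makefile
      register: nginx_configure

    - name: Make NGINX
      community.general.make:
        chdir: /tmp/nginx-{{ nginx_version }}

    - name: Install NGINX
      community.general.make:
        chdir: /tmp/nginx-{{ nginx_version }}
        target: install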
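# Install and enable the NGINX unit on hosts whose service manager is systemd.
# A change in either task notifies the "(Handler) Run NGINX" handler.
- name: Set up systemd
  when: ansible_facts['service_mgr'] == 'systemd'
  notify: (Handler) Run NGINX
  block:
    # SUSE keeps units under /usr/lib/systemd/system; every other family uses
    # /lib/systemd/system. Both branches must be absolute: the SUSE path was
    # missing its leading slash, which made it a relative destination.
    - name: Upload systemd NGINX service file
      ansible.builtin.copy:
        src: services/nginx.systemd
        dest: "{{ (ansible_facts['os_family'] == 'Suse') | ternary('/usr/lib/systemd/system/nginx.service', '/lib/systemd/system/nginx.service') }}"
        owner: root
        group: root
        mode: "0644"

    # daemon_reload makes systemd re-read unit files before the service is
    # restarted and enabled.
    - name: Enable systemd NGINX service file
      ansible.builtin.systemd:
        daemon_reload: true
        name: nginx
        state: restarted
        enabled: true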
# Install the init script and job definition on hosts whose service manager
# is Upstart, reload the Upstart configuration, then start nginx.
# A change in any task notifies the "(Handler) Run NGINX" handler.
- name: Set up Upstart
  when: ansible_facts['service_mgr'] == 'upstart'
  notify: (Handler) Run NGINX
  block:
    - name: Upload Upstart NGINX service file
      ansible.builtin.copy:
        src: services/nginx.upstart
        dest: /etc/init.d/nginx
        mode: "0755"
        owner: root
        group: root

    - name: Upload Upstart NGINX service conf file
      ansible.builtin.copy:
        src: services/nginx.conf.upstart
        dest: /etc/init/nginx.conf
        mode: "0644"
        owner: root
        group: root

    - name: Enable Upstart NGINX service reload # noqa no-changed-when
      ansible.builtin.command:
        cmd: initctl reload-configuration

    # Runs the nginx binary directly rather than going through a service
    # module.
    - name: Start Upstart NGINX service reload # noqa no-changed-when
      ansible.builtin.command:
        cmd: nginx
# Install the init script on hosts whose service manager is SysVinit; a
# change notifies the "(Handler) Run NGINX" handler.
- name: Upload SysVinit NGINX service file
  when: ansible_facts['service_mgr'] == 'sysvinit'
  notify: (Handler) Run NGINX
  ansible.builtin.copy:
    src: services/nginx.sysvinit
    dest: /etc/init.d/nginx
    mode: "0755"
    owner: root
    group: root
# Install the init script on hosts whose service manager is OpenRC and add
# nginx to the default runlevel. A change in any task notifies the
# "(Handler) Run NGINX" handler.
- name: Set up OpenRC
  when: ansible_facts['service_mgr'] == 'openrc'
  notify: (Handler) Run NGINX
  block:
    # Writes an empty /run/openrc/softlevel; force: false leaves an existing
    # file untouched.
    - name: Enable OpenRC
      ansible.builtin.copy:
        dest: /run/openrc/softlevel
        content: ""
        force: false
        mode: "0644"
        owner: root

    - name: Upload OpenRC NGINX service file
      ansible.builtin.copy:
        src: services/nginx.openrc
        dest: /etc/init.d/nginx
        mode: "0755"
        owner: root
        group: root

    - name: Enable OpenRC NGINX service # noqa no-changed-when
      ansible.builtin.command:
        cmd: rc-update add nginx default
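# Delete whichever tarballs this run downloaded.
# A download task that was skipped still registers its variable, but the
# result carries no `dest`. default('') turns that case into an empty item
# which the `when` filters out, so one skipped download no longer leaves an
# undefined value inside the loop list and the remaining tarballs are still
# removed.
- name: Cleanup downloads
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - "{{ pcre_source['dest'] | default('') }}"
    - "{{ zlib_source['dest'] | default('') }}"
    - "{{ openssl_source['dest'] | default('') }}"
    - "{{ nginx_source['dest'] | default('') }}"
  when: item | length > 0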