From d9b6c2d27ffe37200148c5b430ca2c9890224614 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 30 Jan 2025 12:30:33 +0000
Subject: [PATCH] nginx: Add custom logrotate script for OpenBSD

---
 roles/nginx/tasks/main.yml | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 0461f73..a397adf 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -70,15 +70,28 @@
     group: "{{ ansible_wheel }}"
   when: ansible_os_family == "RedHat"
 
-- name: Fix rotating access.log
-  ansible.builtin.lineinfile:
+- name: Disable web logs from newsyslog
+  ansible.builtin.replace:
     path: /etc/newsyslog.conf
-    regexp: "^{{ item }}\\s"
-    line: |-
-      {{ '{:<40}'.format(item) }}644  7     *    $D0   Z /var/run/nginx.pid
-  with_items:
-    - /var/www/logs/access.log
-    - /var/www/logs/error.log
+    regexp: "^/var/www/logs/"
+    replace: "#/var/www/logs/"
+  when: ansible_system == "OpenBSD"
+
+- name: Install logrotate script
+  ansible.builtin.copy:
+    dest: /usr/local/bin/nginx-logrotate
+    src: nginx-logrotate.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  when: ansible_system == "OpenBSD"
+
+- name: Add logrotate cron job
+  ansible.builtin.cron:
+    name: nginx-logrotate
+    hour: "0"
+    minute: "0"
+    job: /usr/local/bin/nginx-logrotate
   when: ansible_system == "OpenBSD"
 
 - name: Enable nginx service