fix nginx/server role for openbsd

roles/nginx/server/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+nginx_user: nginx
+nginx_logdir: /var/log/nginx

roles/nginx/server/tasks/main.yml

@@ -1,4 +1,6 @@
 ---
+- name: include os-specific variables
+  include_vars: "{{ ansible_os_family }}.yml"
 
 - name: install nginx packages
   package:
@@ -11,7 +13,7 @@
     path: "{{ item }}"
     mode: 0755
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"
   with_items:
     - /srv/web
     - "/srv/web/{{ inventory_hostname }}"
@@ -21,6 +23,7 @@
   sefcontext:
     path: /srv/web(/.*)?
     setype: httpd_sys_content_t
+  when: ansible_selinux_python_present == true
 
 - name: create nginx base config
   template:
@@ -28,7 +31,7 @@
     dest: /etc/nginx/nginx.conf
     mode: 0644
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"
   notify: restart nginx
 
 - name: enable nginx service

roles/nginx/server/templates/nginx.conf.j2

@@ -1,10 +1,11 @@
 
+{% if ansible_os_family == "RedHat" %}
 include /usr/share/nginx/modules/mod-http-xslt-filter.conf;
+{% endif %}
 
-user nginx;
+user {{ nginx_user }};
 worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
+error_log {{ nginx_logdir }}/error.log;
 
 events {
     worker_connections 1024;
@@ -14,7 +15,7 @@ http {
     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" $host';
-    access_log /var/log/nginx/access.log main;
+    access_log {{ nginx_logdir }}/access.log main;
 
     ssl on;
     ssl_session_cache builtin:1000 shared:SSL:10m;
@@ -27,11 +28,11 @@ http {
         listen [::]:443 ssl;
         server_name {{ inventory_hostname }};
 
-        ssl_certificate /etc/pki/tls/certs/{{ inventory_hostname }}.crt;
-        ssl_trusted_certificate /etc/pki/tls/certs/ca.crt;
-        ssl_certificate_key /etc/pki/tls/private/{{ inventory_hostname }}.key;
+        ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
+        ssl_trusted_certificate {{ tls_certs }}/ca.crt;
+        ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
 
-        ssl_client_certificate /etc/pki/tls/certs/ca.crt;
+        ssl_client_certificate {{ tls_certs }}/ca.crt;
         ssl_verify_client on;
 
         root /srv/web/{{ inventory_hostname }};

roles/nginx/server/vars/OpenBSD.yml

@@ -0,0 +1,3 @@
+---
+nginx_user: www
+nginx_logdir: /var/www/logs