From 1e7f05a29e1c4ca0a47d8d5f8d7683e8c7602a3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?=
 <1536672+cdesiles@users.noreply.github.com>
Date: Sat, 15 Nov 2025 00:18:49 +0100
Subject: [PATCH] fix: nginx log rotation

---
 roles/nginx/templates/logrotate-nginx.j2 | 27 ++++++++++++++++++++++++
 roles/nginx/vars/debian.yml              |  2 ++
 2 files changed, 29 insertions(+)
 create mode 100644 roles/nginx/templates/logrotate-nginx.j2
 create mode 100644 roles/nginx/vars/debian.yml

diff --git a/roles/nginx/templates/logrotate-nginx.j2 b/roles/nginx/templates/logrotate-nginx.j2
new file mode 100644
index 0000000..6de87dd
--- /dev/null
+++ b/roles/nginx/templates/logrotate-nginx.j2
@@ -0,0 +1,27 @@
+# Logrotate configuration for nginx
+# Managed by Ansible - DO NOT EDIT MANUALLY
+
+/var/log/nginx/*.log {
+    {{ nginx_logrotate_frequency }}
+    missingok
+    rotate {{ nginx_logrotate_rotate }}
+    {% if nginx_logrotate_compress %}
+    compress
+    delaycompress
+    {% endif %}
+    notifempty
+    create 0640 {{ nginx_user }} adm
+    sharedscripts
+    prerotate
+        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+            run-parts /etc/logrotate.d/httpd-prerotate; \
+        fi
+    endscript
+    postrotate
+        # Test config before reload
+        nginx -t > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            systemctl reload nginx > /dev/null 2>&1 || true
+        fi
+    endscript
+}
diff --git a/roles/nginx/vars/debian.yml b/roles/nginx/vars/debian.yml
new file mode 100644
index 0000000..77369aa
--- /dev/null
+++ b/roles/nginx/vars/debian.yml
@@ -0,0 +1,2 @@
+---
+nginx_user: www-data