:wrench: fix nginx & folder settings

deploy/roles/mint-clone/tasks/main.yml

@@ -16,10 +16,15 @@
   args:
     chdir: "{{ app_deploy_target }}"
 
+# - name: Install v2 nodejs dependencies
+#   ansible.builtin.shell: npm install
+#   args:
+#     chdir: "{{ app_deploy_target }}"
 - name: Install v2 nodejs dependencies
-  ansible.builtin.shell: npm install
-  args:
-    chdir: "{{ app_deploy_target }}"
+  ansible.builtin.file:
+    src: "/var/www/{{ inventory_hostname }}/node_modules/v2"
+    dest: "{{ app_deploy_target }}/node_modules"
+    state: link
 
 # TODO will remove in future
 - name: Install v1 php dependencies
@@ -28,10 +33,27 @@
     chdir: "{{ app_deploy_target }}/public"
 
 # TODO will remove in future
+# - name: Install v1 nodejs dependencies
+#   ansible.builtin.shell: npm install
+#   args:
+#     chdir: "{{ app_deploy_target }}/public"
 - name: Install v1 nodejs dependencies
-  ansible.builtin.shell: npm install
-  args:
-    chdir: "{{ app_deploy_target }}/public"
+  ansible.builtin.file:
+    src: "/var/www/{{ inventory_hostname }}/node_modules/v1"
+    dest: "{{ app_deploy_target }}/public/node_modules"
+    state: link
+
+- name: Install tmp
+  ansible.builtin.file:
+    src: "/var/www/{{ inventory_hostname }}/tmp"
+    dest: "{{ app_deploy_target }}/tmp"
+    state: link
+
+- name: Install tmp
+  ansible.builtin.file:
+    src: "/var/www/{{ inventory_hostname }}/tmp"
+    dest: "{{ app_deploy_target }}/public/tmp"
+    state: link
 
 - name: .env(v2)
   become: true
@@ -61,3 +83,9 @@
     owner: www-data
     group: www-data
     mode: '0400'
+
+# - name: Create a current link
+#   ansible.builtin.file:
+#     src: "{{ app_deploy_target }}"
+#     dest: /var/www/{{ inventory_hostname }}/current
+#     state: link

deploy/roles/mint-www/templates/nginx.conf.j2

@@ -1,33 +1,43 @@
+# https://laravel.com/docs/8.x/deployment#nginx
+
 server {
     listen 80;
+    listen [::]:80;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
 
     gzip on;
     server_name {{ inventory_hostname }};
     root {{ app_deploy_target }};
     client_max_body_size 16M;
+    index index.php;
+    charset utf-8;
 
-    access_log off;
+    access_log /var/log/nginx/{{ inventory_hostname }}.access.log;
     error_log /var/log/nginx/{{ inventory_hostname }}.error.log warn;
 
     location / {
-        index index.html index.php;
+        try_files $uri $uri/ /index.php?$query_string;
     }
 
-    location ~ /.git/ {
-        deny all;
+    location = /favicon.ico {
+        log_not_found off;
+    }
+    location = /robots.txt  {
+        log_not_found off;
     }
 
-    location ~ \.php$ {
-        try_files $fastcgi_script_name =404;
+    error_page 404 /index.php;
 
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php{{ app_php_version }}-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;
+    }
 
-        fastcgi_pass			unix:/run/php/php{{ app_php_version }}-fpm.sock;
-        fastcgi_index			index.php;
-        fastcgi_buffers			8 16k;
-        fastcgi_buffer_size		32k;
-
-        fastcgi_param DOCUMENT_ROOT     $realpath_root;
-        fastcgi_param SCRIPT_FILENAME   $realpath_root$fastcgi_script_name;
+    location ~ /\.(?!well-known).* {
+        deny all;
     }
+
 }

deploy/roles/ubuntu/tasks/zsh.yml

@@ -21,6 +21,11 @@
     remote_src: true
     mode: 0600
 
+- name: Enable $HOME/.local
+  ansible.builtin.lineinfile:
+    path: "{{ansible_env.HOME}}/.zshrc"
+    line: 'export PATH=$HOME/.local/bin:$PATH'
+
 - name: Use zsh
   become: true
   shell: chsh -s /bin/zsh {{ansible_user}}