---
security_ssh_permit_root_login: 'yes'

php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
    - 'php{{ php_version }}-cli'
    - 'php{{ php_version }}-common'
    - 'php{{ php_version }}-fpm'
    - 'php{{ php_version }}-gd'
    - 'php{{ php_version }}-mbstring'
    - 'php{{ php_version }}-mysql'
    - 'php{{ php_version }}-pdo'
    - 'php{{ php_version }}-xml'

app_mysql_user: '{{ vault_app_mysql_user }}'
app_mysql_password: '{{ vault_app_mysql_password }}'

mysql_packages:
  - mariadb-client
  - mariadb-server
  - python-mysqldb

mysql_databases:
  - name: oliverdavies_uk

nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
  - listen: 80
    server_name: d8.oliverdavies.uk
    root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
    index: index.php
    extra_parameters: |
      location / {
        try_files $uri /index.php?$query_string;
      }

      location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
      }

      # Don't allow direct access to PHP files in the vendor directory.
      location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
      }

      location ~ '\.php$|^/update.php' {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_pass localhost:9000;
      }