Signed-off-by: Florian Pritz <bluewind@xinu.at>

At http://www.archlinux.org/check_network_status.txt (no https)

Instead of looking at the access time of the dirs; that one is
useless for cleaning.

The tasks that use variables need them to be at least defined,
even if empty, to be able to run. Added some defaults.

When using when: on ansible, it already checks if the variable is
set or not. But the variable must still be defined.

To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx childs
runs as http user, the directories permissions must be 0755, so the
http user can descent into it. Since the logrotate will create the
log files as http:log, the nginx childs will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.

Create a dummy patchwork role for returning a HTTP 503 message while
we work on updating patchwork version and carry on with gudrun decommission.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Added the missing index rewrites. They are used for sorting the issues,
and they were not working, because nginx needs it to be an absolute regex,
ending in $ for it to work, otherwise it replaces the index files finding
logic.

We don't use any and the template is the same as for normal extensions
so it's wrong anways.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

The task rewrites were not working because the location regex was
matching only up to the task id.

CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as
nginx instead of root. logrotate creates the proper log files
already so nginx doesn't need write permissions to those directories.

Added some more rewrites to the flyspray role. Changed from using
try_files (they are meant to static first, then dynamic). Nginx
locations can only deal in absolute URL's, so they all need to have
/ in front of them.

Initial work on the flyspray rewrites. The tasks rewrites are working.

When cloning the empty repository for the first time, there can't
be a setup directory, otherwise the clone will fail. We check if
the user was created on that run or not and don't create the setup
directory in that case.

The setup directory for flyspray is present on our git, so, instead of being
deleted after the installation, it remains on the repository. To avoid issues
with it, it has permissions 000 when not in use. But, for cloning, it is
required to have write permissions. So, we do this permission juggling before
cloning.

roles/flyspray: Initial work on flyspray PHP support. Redirects are needed in order for flyspray to run.

roles/flyspray: Changed the flyspray user from php-flyspray to flyspray and made the template of the php-fpm.conf to follow.

roles/flyspray: Remove duplicated register and created a task to enable and start the php-fpm@flyspray.socket.