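---
# Tasks that install nginx, provision its Diffie-Hellman parameters file,
# deploy the shared config snippets and manage the default vhost.
# File modes are quoted so they reach the modules as octal strings instead of
# relying on the YAML parser's implicit integer typing.

# The package list goes straight to the module; no per-item loop is needed.
- name: Install nginx
  apt:
    name:
      - nginx
    state: present

# Used when the caller supplies its own parameters through `dhparams`.
# DH parameters are public values, so a world-readable 0644 mode is intended.
# NOTE(review): the file is copied as-is; consider the copy module's
# `validate` option with `openssl dhparam -check -noout -in %s` so a
# malformed file is rejected before nginx is restarted.
- name: Upload new DH params file
  copy:
    src: "{{ dhparams }}"
    dest: /etc/ssl/dh4096.pem
    owner: root
    group: root
    mode: '0644'
  notify:
    - restart nginx
  when: dhparams is defined

# `creates` skips this task whenever the target already exists, so an existing
# file is kept whatever its size or origin; delete it to force regeneration.
# Generating 4096-bit parameters can take a long time.
- name: Generate dhparams
  command: openssl dhparam -out /etc/ssl/dh4096.pem 4096
  args:
    creates: /etc/ssl/dh4096.pem
  notify:
    - restart nginx
  when: dhparams is not defined

# Runs unconditionally so ownership and mode are enforced for both the
# uploaded and the generated file.
- name: Fix dhparams privileges
  file:
    path: /etc/ssl/dh4096.pem
    owner: root
    group: root
    mode: '0644'
  notify:
    - restart nginx

- name: Ensure about snippets directory
  file:
    path: /etc/nginx/snippets
    state: directory
    owner: root
    group: root
    mode: '0755'

# Each snippet is rendered from snippets/<name>.j2.
- name: Deploy snippets
  template:
    src: "snippets/{{ item }}.j2"
    dest: "/etc/nginx/snippets/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  with_items:
    - acme.conf
    - common.conf
    - ssl-common.conf
    - ssl-medium-common.conf
  notify:
    - restart nginx

- name: Check nginx default page
  stat:
    path: /etc/nginx/sites-enabled/default
  register: stat_default

# Only a symlinked default vhost is removed; a regular file is left for the
# "Deploy default page" task below to overwrite.
- name: Delete nginx default page
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify:
    - restart nginx
  when: stat_default.stat.exists and stat_default.stat.islnk == True

# Exit code 0 means some enabled vhost already includes snippets/acme.conf.
# `grep -v default` drops every entry whose name contains "default", not only
# the file called `default`.
# `failed_when: false` keeps a non-zero exit from failing the play; the next
# task reads the outcome from autodetect.rc, so a "no match" result and a
# read error both count as "not detected".
- name: Detect acme configuration on some vhost
  shell: >-
    ls | grep -v default
    | while read LINE; do cat "$LINE" ; done
    | grep -q 'include snippets/acme.conf'
  args:
    chdir: /etc/nginx/sites-enabled
  register: autodetect
  changed_when: false
  failed_when: false
  when: nginx_deploy_default_config == True and nginx_enable_autodetection == True

# Deployed when the default config is requested and either autodetection is
# disabled or it found no vhost that includes the acme snippet.
- name: Deploy default page (with our snippets etc)
  copy:
    src: default
    # Do not deploy it as a symlink
    dest: /etc/nginx/sites-enabled/default
    owner: root
    group: root
    mode: '0644'
  notify:
    - restart nginx
  when: >-
    (nginx_deploy_default_config == True and
    nginx_enable_autodetection == True and autodetect.rc != 0) or
    (nginx_deploy_default_config == True and
    nginx_enable_autodetection == False)

# Run the handlers notified above now instead of at the end of the play.
- meta: flush_handlers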