1 files changed, 53 insertions, 0 deletions

diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 00000000..19791235
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- name: install nginx
+  apt:
+    name: "{{ nginx_pkg_name }}"
+    state: present
+
+- name: remove nginx default config
+  file:
+    name: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: restart nginx
+
+- name: install nginx config snippets
+  loop:
+    - ssl
+    - hsts
+  copy:
+    src: "{{ global_files_dir }}/common/nginx-snippets/{{ item }}.conf"
+    dest: /etc/nginx/snippets/
+  notify: restart nginx
+
+- name: generate Diffie-Hellman parameters
+  openssl_dhparam:
+    path: /etc/ssl/dhparams.pem
+    size: 2048
+  notify: restart nginx
+
+- name: install nginx configs from template
+  loop: "{{ nginx_vhosts | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'template' in item.value"
+  template:
+    src: "{{ item.value.template }}.conf.j2"
+    dest: "/etc/nginx/sites-available/{{ item.key }}"
+  notify: restart nginx
+
+- name: install nginx configs from config data
+  loop: "{{ nginx_vhosts | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'contents' in item.value"
+  copy:
+    contents: "{{ item.value.contents }}"
+    dest: "/etc/nginx/sites-available/{{ item.key }}"
+  notify: restart nginx
+
+- name: generate acme certificate
+  loop: "{{ nginx_vhosts | dict2items }}"
+  loop_control:
+    label: "{{ item.key }} ({{ item.value.hostnames | join(', ') }})"
+  when: item.value.acme
+  include_tasks: acme.yml