play_infra.yml

---

# - name: Install basic infra
#   hosts: servers
#   become: yes
#   roles:
#     - common


- name: "Install nginx and default vhost"
  hosts: servers
  become: yes
  roles:
  - role: certbot
    certbot_prefix: "{{ prefix }}"
    certbot_certs:
    - domains:
        - "{{ nginx_domain }}"
    certbot_admin_email: "{{ admin_email }}"
    certbot_create_if_missing: yes
    certbot_create_method: standalone
    certbot_auto_renew: true
    certbot_auto_renew_minute: 42
    certbot_auto_renew_hour: 6
    certbot_create_standalone_stop_services:
    - nginx

  - role: nginx
    remove_default_vhost: True
    nginx_prefix: "{{ prefix }}"
    vhosts:
    - listen: "80"
      server_name: "{{ nginx_domain }}"
      server_name_redirect: "www.{{ nginx_domain }}"
      return: "301 https://{{ nginx_domain }}$request_uri"
      filename: "{{ nginx_domain }}.redirect.conf"
      state: "present"

    - listen: "443 ssl http2"
      server_name: "{{ nginx_domain }}"
      access_log: "/var/log/nginx/{{ nginx_prefix }}.default.access.log"
      error_log: "/var/log/nginx/{{ nginx_prefix }}.default.error.log"
      root: "{{ nginx_webroot }}"
      tls: True
      tls_certificate: "/etc/letsencrypt/live/{{ nginx_domain }}/fullchain.pem"
      tls_certificate_key: "/etc/letsencrypt/live/{{ nginx_domain }}/privkey.pem"
      state: "present"