--- - name: Disable movim website ansible.builtin.file: path: "{{ nginx.paths.sites_enabled }}/{{ movim.domain }}" state: absent - name: Disable auto redirect to TLS ansible.builtin.file: path: "{{ nginx.paths.sites_enabled }}/redirect_to_https" state: absent - name: Enable default website ansible.builtin.file: dest: "{{ nginx.paths.sites_enabled }}/default" src: "{{ nginx.paths.sites_available }}/default" state: link - name: Install X509 certificates ansible.builtin.command: argv: - certbot - certonly - --agree-tos - -m psotmaster@trans13nrv.eu.org - --nginx - -d - "{{ movim.domain }}" creates: "/etc/letsencrypt/live/{{ movim.domain }}/privkey.pem" - name: Disable default website ansible.builtin.file: path: "{{ nginx.paths.sites_enabled }}/default" state: absent - name: Create auto redirect to TLS for movim ansible.builtin.blockinfile: path: "{{ nginx.paths.sites_available }}/redirect_to_https" block: | server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } create: true - name: Create movim website ansible.builtin.template: dest: "{{ nginx.paths.sites_available }}/{{ movim.domain }}" src: tasks/chat/templates/movim.j2 owner: "{{ root.user }}" group: "{{ root.group }}" mode: "644" - name: Enable movim website ansible.builtin.file: state: link dest: "{{ nginx.paths.sites_enabled }}/{{ movim.domain }}" src: "{{ nginx.paths.sites_available }}/{{ movim.domain }}" - name: Enable auto redirect to TLS ansible.builtin.file: state: link dest: "{{ nginx.paths.sites_enabled }}/redirect_to_https" src: "{{ nginx.paths.sites_available }}/redirect_to_https" - name: Set access logs to off ansible.builtin.blockinfile: path: "{{ nginx.paths.conf_d }}/10-access_log-disabled.conf" block: | access_log off; create: true - name: Reload nginx service ansible.builtin.systemd_service: name: nginx state: restarted