--- - name: Copy main nginx configuration file become: true ansible.builtin.copy: src: 'nginx/nginx.conf' dest: '/etc/nginx/' owner: root group: root mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - name: Create 'private' directory become: true ansible.builtin.file: path: '/etc/nginx/private' state: directory owner: root group: root mode: 'u=rwx,g=rx,o=rx' - name: Create new dhparam of size '{{ nginx__dhparam_size }}' become: true community.crypto.openssl_dhparam: path: '/etc/nginx/private/dhparam.pem' size: '{{ nginx__dhparam_size | mandatory }}' notify: - systemctl reload nginx - name: Create 'sites-available' directory become: true ansible.builtin.file: path: '/etc/nginx/sites-available' state: directory owner: root group: root mode: 'u=rwx,g=rx,o=rx' - name: Create 'sites-enabled' directory become: true ansible.builtin.file: path: '/etc/nginx/sites-enabled' state: directory owner: root group: root mode: 'u=rwx,g=rx,o=rx' # Todo: Reconsider best practices - name: Remove default site config from package installation become: true ansible.builtin.file: path: '{{ item }}' state: absent with_items: - '/etc/nginx/sites-enabled/default' - '/etc/nginx/sites-available/default' - name: Create 'snippets' directory become: true ansible.builtin.file: path: '/etc/nginx/snippets' state: directory owner: root group: root mode: 'u=rwx,g=rx,o=rx' - name: Copy nginx snippet files become: true ansible.builtin.copy: src: '{{ nginx__snippet_path }}{{ item }}' dest: '/etc/nginx/snippets/{{ item }}' owner: root group: root mode: 'u=rw,g=r,o=r' with_items: '{{ nginx__snippet_files }}' notify: - systemctl reload nginx