[ { "name": "show vars", "ansible.builtin.debug": { "var": "vars.cfg_nginx" } }, { "name": "install packages", "become": true, "ansible.builtin.apt": { "update_cache": true, "pkg": [ "nginx", "openssl" ] } }, { "name": "generate dhparams file", "when": "cfg_nginx.dhparam_size != None", "become": true, "ansible.builtin.command": { "cmd": "openssl dhparam -out /etc/nginx/dhparam {{cfg_nginx.dhparam_size | string}}" }, "args": { "creates": "/etc/nginx/dhparam" } }, { "name": "place hardening config", "become": true, "ansible.builtin.template": { "src": "ssl-hardening.conf.j2", "dest": "/etc/nginx/ssl-hardening.conf" } }, { "name": "ufw", "block": [ { "name": "check whether ufw is enabled", "become": true, "check_mode": true, "community.general.ufw": { "state": "enabled" }, "register": "ufw_enable_check" }, { "name": "allow port 80", "when": "not ufw_enable_check.changed", "become": true, "community.general.ufw": { "rule": "allow", "port": "80", "proto": "tcp" } }, { "name": "allow port 443", "when": "not ufw_enable_check.changed", "become": true, "community.general.ufw": { "rule": "allow", "port": "443", "proto": "tcp" } } ] }, { "name": "disable auto reload cron job", "when": "cfg_nginx.auto_reload_interval == None", "become": true, "ansible.builtin.cron": { "name": "nginx_auto_reload", "disabled": true, "minute": "0", "hour": "*/{{cfg_nginx.auto_reload_interval | string}}", "day": "*", "month": "*", "weekday": "*", "job": "systemctl reload nginx" } }, { "name": "enable auto reload cron job", "when": "cfg_nginx.auto_reload_interval != None", "become": true, "ansible.builtin.cron": { "name": "nginx_auto_reload", "disabled": false, "minute": "0", "hour": "*/{{cfg_nginx.auto_reload_interval | string}}", "day": "*", "month": "*", "weekday": "*", "job": "systemctl reload nginx" } }, { "name": "restart service", "become": true, "ansible.builtin.systemd_service": { "state": "restarted", "name": "nginx" } } ]