Added hardening settings.
---
- name: install nginx packages
become: yes
apt: name="nginx"
- name: install site
become: yes
template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
notify: restart nginx
- name: install nginx packages
become: yes
apt: name="python-certbot-nginx"
notify: restart nginx
when: nginx_enable_ssl
- name: install certbot in nginx
become: yes
command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
notify: restart nginx
when: nginx_enable_ssl
- name: disable default site
become: yes
file: path="/etc/nginx/sites-enabled/default" state="absent"
notify: restart nginx
- name: enable site
become: yes
file:
src: "/etc/nginx/sites-available/{{nginx_conf_dst}}"
dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
state: "link"
notify: restart nginx
- name: enable nginx service
become: yes
systemd: name="nginx" enabled="yes" state="started"