diff -r 6024861525db -r be979818d483 roles/nginx/tasks/main.yaml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/tasks/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -0,0 +1,45 @@
+---
+
+- name: install nginx packages
+  become: yes
+  apt: name="nginx"
+
+- name: install site
+  become: yes
+  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+  notify: restart nginx
+
+# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
+- name: add certbot (letsencrypt) repo
+  become: yes
+  apt_repository: repo="ppa:certbot/certbot"
+  when: nginx_enable_ssl
+
+- name: install nginx packages
+  become: yes
+  apt: name="python-certbot-nginx"
+  notify: restart nginx
+  when: nginx_enable_ssl
+
+- name: install certbot in nginx
+  become: yes
+  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+  notify: restart nginx
+  when: nginx_enable_ssl
+
+- name: disable default site
+  become: yes
+  file: path="/etc/nginx/sites-enabled/default" state="absent"
+  notify: restart nginx
+
+- name: enable site
+  become: yes
+  file:
+    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+    state: "link"
+  notify: restart nginx
+
+- name: enable nginx service
+  become: yes
+  systemd: name="nginx" enabled="yes" state="started"