test: not to be merged

roles/nginx/tasks/letsencrypt.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Generate certificate
+  ansible.builtin.command:
+    cmd: "/etc/x509/acme.sh --issue --domain {{ item.host }} --webroot {{ nginx_letsencrypt_dir }}"
+    creates: "/etc/x509/{{ item.host }}*"
+  environment:
+    LE_WORKING_DIR: /etc/x509
+
+- name: Get ecc certificate dir
+  ansible.builtin.stat:
+    path: "/etc/x509/{{ item.host }}_ecc/"
+  register: _nginx_x509_ecc_current_dir
+
+- name: Move ecc certificate
+  ansible.builtin.copy:
+    remote_src: true
+    src: "/etc/x509/{{ item.host }}_ecc/"
+    dest: "/etc/x509/{{ item.host }}/"
+  when: _nginx_x509_ecc_current_dir.stat.exists
+
+- name: Remove ecc certificate
+  ansible.builtin.file:
+    path: "/etc/x509/{{ item.host }}_ecc"
+    state: absent

roles/nginx/tasks/main.yml

@@ -41,5 +41,12 @@
     mode: 'u+rwx,g+rs,o-rwx'
     state: directory
 
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- name: Handle letsencrypt cert
+  ansible.builtin.include_tasks: letsencrypt.yml
+  loop: "{{ web_hostname }}"
+
 - name: Include vhosts
   ansible.builtin.include_tasks: vhosts.yml

roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2

@@ -0,0 +1,19 @@
+server {
+{% include './templates/header.conf.j2' %}
+	
+	root /srv/http/analyse.nintendojo.fr/;
+	index index.html index.htm index.php;
+	
+	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+		expires 2w;
+		log_not_found off;
+	}
+	
+	location ~ \.htaccess$ {
+		deny all;
+	}
+	
+	location ~ ^/tmp {
+		deny all;
+	}
+}