nginx/tasks/main.yml

---
- name: Install NGINX
  apt:
    update_cache: true
    name: nginx
    state: latest
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Copy snippets
  template:
    src: "snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
  loop:
    - connection_upgrade.conf # fix some nginx bug

- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory

- name: Create a dummy cert
  block:
    - name: Generate private key
      openssl_privatekey:
        path: /etc/nginx/certs/dummy.key
        mode: u=rw,g=,o=
        size: 4096
    - name: Generate the signing request
      openssl_csr:
        path: /etc/nginx/certs/dummy.req
        privatekey_path: /etc/nginx/certs/dummy.key
        common_name: dummy
    - name: Sign Cert
      openssl_certificate:
        path: /etc/nginx/certs/dummy.pem
        privatekey_path: /etc/nginx/certs/dummy.key
        csr_path: /etc/nginx/certs/dummy.req
        provider: selfsigned

- name: Add wasm to mime type
  lineinfile:
    path: /etc/nginx/mime.types
    regexp: '\s*application/wasm\s+wasm;$'
    line: '    application/wasm                      wasm;'
    owner: root
    group: root
    mode: '0644'
    insertbefore: '}'

- name: Copy NGINX conf
  template:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf

- name: Create the SSL reverse proxy conf
  template:
    src: stream_rp.conf
    dest: /etc/nginx/stream_rp.conf
    force: no