blender-open-data/playbooks/setup_certificate.yaml

---
- hosts: ingress
  gather_facts: false
  become: true
  roles: [common]
  vars:
    nginx_var_prefix: "{{ service_name|regex_replace('-', '_') }}"
    is_https_config: true
  tasks:
    - name: Creating {{ nginx_temp_path }}
      ansible.builtin.file:
        path: "{{ nginx_temp_path }}"
        state: directory
        owner: "{{ nginx.user }}"
        group: "{{ nginx.group }}"
        recurse: true
      when: nginx_temp_path is defined

    - name: Creating various directories
      file: path={{item}} state=directory owner={{ nginx.user }} group={{ nginx.group }}
      with_items:
        - "{{ dir.errors }}"

    - name: Copying error pages
      ansible.builtin.template:
        src: templates/nginx/errors/{{ item.src }}
        dest: "{{ dir.errors }}/{{ item.dest }}"
        mode: 0644
      loop:
        - src: 5xx.html
          dest: 503.html
          title: Service (Temporarily) Unavailable
      tags:
        - error-pages

    - name: Copying nginx config
      ansible.builtin.template:
        src: templates/nginx/site.conf
        dest: "{{ nginx_conf_dir }}/sites-available/{{ service_name }}.conf"
        mode: 0644
        backup: true
      tags:
        - nginx

    - import_tasks: common/tasks/nginx/enable_site.yaml
      vars:
        config_file: "{{ service_name }}.conf"
      tags:
        - nginx

    - import_tasks: common/tasks/nginx/get_certificate.yaml
      notify:
        - test nginx
        - reload nginx