[mod] role:espe_frontend_and_nginx

roles/espe_frontend-and-nginx/defaults/main.json

@@ -1,4 +1,5 @@
 {
-	"var_espe_frontend_end_nginx_domain": "zackeneule.example.org",
+	"var_espe_frontend_and_nginx_domain": "zackeneule.example.org",
-	"var_espe_frontend_end_nginx_directory": "/opt/zackeneule"
+	"var_espe_frontend_and_nginx_directory": "/opt/zackeneule",
+	"var_espe_frontend_and_nginx_tls": true
 }

roles/espe_frontend-and-nginx/tasks/main.json

@@ -12,7 +12,7 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "conf.j2",
-			"dest": "/etc/nginx/sites-available/{{var_espe_frontend_end_nginx_domain}}"
+			"dest": "/etc/nginx/sites-available/{{var_espe_frontend_and_nginx_domain}}"
 		}
 	},
 	{
@@ -20,8 +20,8 @@
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "link",
-			"src": "/etc/nginx/sites-available/{{var_espe_frontend_end_nginx_domain}}",
+			"src": "/etc/nginx/sites-available/{{var_espe_frontend_and_nginx_domain}}",
-			"dest": "/etc/nginx/sites-enabled/{{var_espe_frontend_end_nginx_domain}}"
+			"dest": "/etc/nginx/sites-enabled/{{var_espe_frontend_and_nginx_domain}}"
 		}
 	},
 	{

roles/espe_frontend-and-nginx/templates/conf.j2

@@ -1,14 +1,16 @@
 server {
-	server_name {{var_espe_frontend_end_nginx_domain}};
+	server_name {{var_espe_frontend_and_nginx_domain}};
 	
 	listen 80;
 	listen [::]:80;
+{% if var_espe_frontend_and_nginx_tls %}
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
-	ssl_certificate /etc/ssl/certs/{{var_espe_frontend_end_nginx_domain}}.pem;
+	ssl_certificate /etc/ssl/certs/{{var_espe_frontend_and_nginx_domain}}.pem;
-	ssl_certificate_key /etc/ssl/private/{{var_espe_frontend_end_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{var_espe_frontend_and_nginx_domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
+{% endif %}
 	
-	root {{var_espe_frontend_end_nginx_directory}};
+	root {{var_espe_frontend_and_nginx_directory}};
 }