[fix] role:nginx

roles/nginx/defaults/main.json

@@ -1,3 +1,3 @@
 {
+	"var_nginx_auto_reload_interval": null
 }
-

roles/nginx/tasks/main.json.orig

@@ -0,0 +1,86 @@
+[
+	{
+		"name": "install packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"nginx"
+			]
+		}
+	},
+	{
+<<<<<<< HEAD
+=======
+		"name": "generate dhparams file",
+		"become": true,
+		"ansible.builtin.command": {
+			"cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
+		},
+		"args": {
+			"creates": "/etc/nginx/dhparam"
+		}
+	},
+	{
+		"name": "place hardening config",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "ssl-hardening.conf",
+			"dest": "/etc/nginx/ssl-hardening.conf"
+		}
+	},
+	{
+		"name": "ufw | check",
+		"become": true,
+		"check_mode": true,
+		"community.general.ufw": {
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
+	},
+	{
+		"name": "ufw | allow port 80",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
+		"community.general.ufw": {
+			"rule": "allow",
+			"port": "80",
+			"proto": "tcp"
+		}
+	},
+	{
+		"name": "ufw | allow port 443",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
+		"community.general.ufw": {
+			"rule": "allow",
+			"port": "443",
+			"proto": "tcp"
+		}
+	},
+	{
+		"name": "auto reload",
+		"when": "auto_reload_interval != None",
+		"become": true,
+		"ansible.builtin.cron": {
+			"name": "nginx_auto_reload",
+			"disabled": true,
+			"minute": "0",
+			"hour": "*/{{var_nginx_auto_reload_interval | string}}",
+			"day": "*",
+			"month": "*",
+			"weekday": "*",
+			"job": "systemctl reload nginx"
+		}
+	},
+	{
+>>>>>>> f55f317 ([fix] role:nginx)
+		"name": "restart service",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "nginx"
+		}
+	}
+]
+

roles/nginx/vardef.json

@@ -0,0 +1,8 @@
+{
+	"auto_reload_interval": {
+		"description": "in hours",
+		"nullable": true,
+		"type": "integer",
+		"mandatory": false
+	}
+}