# Main tasks: install base nginx and letsencrypt redirect --- - name: Install packages community.general.pacman: state: present name: - nginx - php-fpm - mime-types - name: Generate dhparam command: cmd: openssl dhparam -out /etc/nginx/dh-4096.pem 4096 creates: /etc/nginx/dh-4096.pem - name: Enable php-fpm systemd: enabled: true state: started name: php-fpm - name: Create letsencrypt directory file: path: /var/lib/letsencrypt/webroot/.well-known/acme-challenge/ recurse: true state: directory mode: 0755 owner: http group: http - name: create cert dir file: path: /etc/nginx/certs/ recurse: true state: directory mode: 0711 owner: http group: http - name: create conf dir file: path: /etc/nginx/conf.d/ recurse: true state: directory mode: 0711 owner: http group: http - name: Install config copy: src: '{{ item }}' dest: "/etc/nginx/{{ item }}" owner: http group: http mode: 0600 loop: - nginx.conf - redir.conf - letsencrypt - name: Start nginx systemd: enabled: true state: started name: nginx - include: add_websites.yml when: websites_enabled is defined