ansible-playbooks/roles/web/tasks/main.yml

- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      security:
        csp:
        pp:
        headers:
          Cross-Origin-Embedder-Policy:
          Cross-Origin-Opener-Policy:
          Cross-Origin-Resource-Policy:

      servers:
        - conf: redirect_80_any
          name: '*'
          http: yes

        - conf: redirect_80_monroe43
          name: '*.monroe43.ru'
          no_tld: yes
          http: yes

        - conf: redirect_443_monroe43
          name: 'monroe43.ru'
          no_tld: yes
        - conf: redirect_443_monroe43
          name: 'www.monroe43.ru'
          no_tld: yes

        - conf: shop
          name: shop
        - conf: feedback
          name: feedback
        - conf: welcome-spb
          name: welcome-spb
        - conf: spb-10-8
          name: spb-10-8
        - conf: mta-sts
          name: mta-sts

        - conf: default
          is_root: yes
          cn: yes
        - conf: default
          name: www

      certs: yes
      tld: "{{ tld }}"
      security_headers: yes

      domains:
        - "{{ tld }}"
        - "www.{{ tld }}"
        - "monroe43.ru"
        - "www.monroe43.ru"
        - "feedback.{{ tld }}"
        - "mta-sts.{{ tld }}"
        - "shop.{{ tld }}"
        - "spb-10-8.{{ tld }}"
        - "welcome-spb.{{ tld }}"


- name: create directories
  file:
    path: "{{ webroot_dir ~ '/' ~ item }}"
    state: directory
  loop:
    - acme
    - acme/.well-known
    - acme/.well-known/acme-challenge
    - static
    - mta-sts
    - mta-sts/.well-known


- name: build mta-sts file
  template:
    src: mta-sts-file.j2
    dest: "{{ webroot_dir }}/mta-sts/.well-known/mta-sts.txt"
    force: yes
    lstrip_blocks: yes


- name: upload static bimi logo
  copy:
    src: logo.svg
    dest: "{{ webroot_dir }}/static/logo.svg"


- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ webroot_dir }}"
init 2 years ago			`- name: install and configure nginx`
			`include_role:`
			`name: nginx`
			`vars:`
			`nginx:`
			`security:`
			`csp:`
			`pp:`
			`headers:`
			`Cross-Origin-Embedder-Policy:`
			`Cross-Origin-Opener-Policy:`
			`Cross-Origin-Resource-Policy:`

			`servers:`
			`- conf: redirect_80_any`
			`name: '*'`
			`http: yes`

			`- conf: redirect_80_monroe43`
			`name: '*.monroe43.ru'`
			`no_tld: yes`
			`http: yes`

			`- conf: redirect_443_monroe43`
			`name: 'monroe43.ru'`
			`no_tld: yes`
			`- conf: redirect_443_monroe43`
			`name: 'www.monroe43.ru'`
			`no_tld: yes`

			`- conf: shop`
			`name: shop`
			`- conf: feedback`
			`name: feedback`
			`- conf: welcome-spb`
			`name: welcome-spb`
			`- conf: spb-10-8`
			`name: spb-10-8`
			`- conf: mta-sts`
			`name: mta-sts`

			`- conf: default`
			`is_root: yes`
			`cn: yes`
			`- conf: default`
			`name: www`

			`certs: yes`
			`tld: "{{ tld }}"`
			`security_headers: yes`

			`domains:`
			`- "{{ tld }}"`
			`- "www.{{ tld }}"`
			`- "monroe43.ru"`
			`- "www.monroe43.ru"`
			`- "feedback.{{ tld }}"`
			`- "mta-sts.{{ tld }}"`
			`- "shop.{{ tld }}"`
			`- "spb-10-8.{{ tld }}"`
			`- "welcome-spb.{{ tld }}"`


			`- name: create directories`
			`file:`
			`path: "{{ webroot_dir ~ '/' ~ item }}"`
			`state: directory`
			`loop:`
			`- acme`
			`- acme/.well-known`
			`- acme/.well-known/acme-challenge`
			`- static`
			`- mta-sts`
			`- mta-sts/.well-known`


			`- name: build mta-sts file`
			`template:`
			`src: mta-sts-file.j2`
			`dest: "{{ webroot_dir }}/mta-sts/.well-known/mta-sts.txt"`
			`force: yes`
			`lstrip_blocks: yes`


			`- name: upload static bimi logo`
			`copy:`
			`src: logo.svg`
			`dest: "{{ webroot_dir }}/static/logo.svg"`


			`- name: add directories to backup plan`
			`include_role:`
			`name: backup`
			`vars:`
			`function: add`
			`backup_items:`
			`- "{{ webroot_dir }}"`