moved force_ssl and self signed cert to tasks

defaults/main.yml

@@ -12,3 +12,15 @@ nginx:
   resolver:
     - 8.8.8.8
     - 8.8.4.4
+
+nginx_forcessl_vhost:
+  "https-redirect":
+    listen:
+      nossl: True
+      ssl: False
+    locations:
+      - match: '/.well-known/acme-challenge/'
+        alias: '/var/www/letsencrypt/'
+      - match: '/'
+        custom:
+        - return 301 https://$host$request_uri

files/config/sites-available/https-redirect

@@ -1,11 +0,0 @@
-server {
-        listen 80;
-        listen [::]:80;
-
-        location /.well-known/acme-challenge/ {
-                alias /var/www/letsencrypt/;
-        }
-        location / {
-                return 301 https://$host$request_uri;
-        }
-}

tasks/main.yml

@@ -2,12 +2,17 @@
 - set_fact:
     nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
     inventory_certs: "{{ certificates.certs|d({}) }}"
+    selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"
 
 - include_role:
     name: certificates
   vars:
     certificates:
-      certs: "{{ {}|combine(nginx_certs, inventory_certs, recursive=True) }}"
+      certs: "{{ {}|combine(selfsigned_cert|from_yaml,  nginx_certs, inventory_certs, recursive=True) }}"
+
+- debug:
+    verbosity: 1
+    var: nginx
 
 - name: install nginx
   apt: pkg=nginx
@@ -74,16 +79,7 @@
     src: "/etc/nginx/sites-available/{{ item.key }}"
     path:  "/etc/nginx/sites-enabled/{{ item.key }}"
     state: link
-  with_dict: "{{ nginx.vhosts }}"
+  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}),  nginx.vhosts, recursive=True) }}"
-  notify:
-  - restart nginx
-
-- name: enable https redirect
-  file:
-    src: "/etc/nginx/sites-available/https-redirect"
-    path:  "/etc/nginx/sites-enabled/https-redirect"
-    state: link
-  when: nginx.force_ssl
   notify:
   - restart nginx