readytouse

immich-ansible/roles/nginx/tasks/config.yml

@@ -0,0 +1,63 @@
+---
+- name: Vérifier les variables obligatoires du rôle Nginx Immich
+  ansible.builtin.assert:
+    that:
+      - immich_domain is defined
+      - immich_domain | length > 0
+      - immich_host_http_port is defined
+      - immich_host_http_port | string | length > 0
+      - letsencrypt_email is defined
+      - letsencrypt_email | length > 0
+    fail_msg: >-
+      Variables obligatoires manquantes pour le rôle nginx :
+      immich_domain, immich_host_http_port, letsencrypt_email.
+
+- name: Définir le nom du fichier de site Nginx Immich
+  ansible.builtin.set_fact:
+    immich_nginx_site_filename_resolved: "{{ immich_nginx_site_filename | default(immich_domain ~ '.conf') }}"
+
+- name: Supprimer le site Nginx par défaut si présent
+  ansible.builtin.file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: reload nginx
+
+- name: Déployer la configuration HTTP temporaire Immich
+  ansible.builtin.template:
+    src: immich.http-only.conf.j2
+    dest: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: reload nginx
+
+- name: Activer le site Nginx Immich
+  ansible.builtin.file:
+    src: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}"
+    dest: "/etc/nginx/sites-enabled/{{ immich_nginx_site_filename_resolved }}"
+    state: link
+    force: true
+  notify: reload nginx
+
+- name: Appliquer la configuration HTTP temporaire
+  ansible.builtin.meta: flush_handlers
+
+- name: Obtenir le certificat Let's Encrypt pour Immich
+  ansible.builtin.command: >-
+    certbot certonly --non-interactive --agree-tos
+    --email {{ letsencrypt_email }}
+    --nginx -d {{ immich_domain }}
+  args:
+    creates: "/etc/letsencrypt/live/{{ immich_domain }}/fullchain.pem"
+
+- name: Déployer la configuration HTTPS finale Immich
+  ansible.builtin.template:
+    src: immich.https.conf.j2
+    dest: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: reload nginx
+
+- name: Appliquer la configuration HTTPS finale
+  ansible.builtin.meta: flush_handlers

immich-ansible/roles/nginx/tasks/install.yml

@@ -0,0 +1,15 @@
+---
+- name: Installer Nginx et Certbot
+  ansible.builtin.apt:
+    update_cache: true
+    name:
+      - nginx
+      - certbot
+      - python3-certbot-nginx
+    state: present
+
+- name: Activer et démarrer Nginx
+  ansible.builtin.service:
+    name: nginx
+    state: started
+    enabled: true

immich-ansible/roles/nginx/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Installer / mettre à jour Nginx et Certbot
+  ansible.builtin.include_tasks:
+    file: install.yml
+    apply:
+      tags: [nginx_update, nginx_config]
+  tags: [nginx_update, nginx_config]
+
+- name: Configurer Nginx pour Immich
+  ansible.builtin.include_tasks:
+    file: config.yml
+    apply:
+      tags: [nginx_config]
+  tags: [nginx_config]