--- - name: Vérifier les variables obligatoires du rôle Nginx Immich ansible.builtin.assert: that: - immich_domain is defined - immich_domain | length > 0 - immich_host_http_port is defined - immich_host_http_port | string | length > 0 - letsencrypt_email is defined - letsencrypt_email | length > 0 fail_msg: >- Variables obligatoires manquantes pour le rôle nginx : immich_domain, immich_host_http_port, letsencrypt_email. - name: Définir le nom du fichier de site Nginx Immich ansible.builtin.set_fact: immich_nginx_site_filename_resolved: "{{ immich_nginx_site_filename | default(immich_domain ~ '.conf') }}" - name: Supprimer le site Nginx par défaut si présent ansible.builtin.file: path: /etc/nginx/sites-enabled/default state: absent notify: reload nginx - name: Déployer la configuration HTTP temporaire Immich ansible.builtin.template: src: immich.http-only.conf.j2 dest: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}" owner: root group: root mode: "0644" notify: reload nginx - name: Activer le site Nginx Immich ansible.builtin.file: src: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}" dest: "/etc/nginx/sites-enabled/{{ immich_nginx_site_filename_resolved }}" state: link force: true notify: reload nginx - name: Appliquer la configuration HTTP temporaire ansible.builtin.meta: flush_handlers - name: Obtenir le certificat Let's Encrypt pour Immich ansible.builtin.command: >- certbot certonly --non-interactive --agree-tos --email {{ letsencrypt_email }} --nginx -d {{ immich_domain }} args: creates: "/etc/letsencrypt/live/{{ immich_domain }}/fullchain.pem" - name: Déployer la configuration HTTPS finale Immich ansible.builtin.template: src: immich.https.conf.j2 dest: "/etc/nginx/sites-available/{{ immich_nginx_site_filename_resolved }}" owner: root group: root mode: "0644" notify: reload nginx - name: Appliquer la configuration HTTPS finale ansible.builtin.meta: flush_handlers