working nginx stream proxy

nginx/nginx.yaml

@@ -0,0 +1,62 @@
+- name: Update nginx stream configuration
+  hosts: yellow
+  become: true
+  become_user: root
+  become_method: sudo
+  vars_files:
+    - vars.yaml
+  tasks:
+  - name: Ensure nginx, certbot, and nginx-mod-stream are installed
+    ansible.builtin.dnf:
+      name:
+        - nginx
+        - nginx-mod-stream
+      state: present
+  - name: Create stream.d dir
+    ansible.builtin.file:
+      path: /etc/nginx/stream.d
+      state: directory
+      mode: '0755'
+  - name: Create http.d dir
+    ansible.builtin.file:
+      path: /etc/nginx/http.d
+      state: directory
+      mode: '0755'
+  - name: Copy nginx.conf
+    template:
+      src: nginx.conf
+      dest: /etc/nginx/nginx.conf
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Copy stream configurations
+    template:
+      src: "{{ item }}"
+      dest: /etc/nginx/stream.d/{{ item | basename }}
+      owner: root
+      group: root
+      mode: '0644'
+    with_fileglob:
+    - stream.d/*
+  - name: Copy http configurations
+    template:
+      src: "{{ item }}"
+      dest: /etc/nginx/http.d/{{ item | basename }}
+      owner: root
+      group: root
+      mode: '0644'
+    with_fileglob:
+    - http.d/*
+  - name: Template all http configurations
+    template:
+      src: https.conf
+      dest: /etc/nginx/http.d/{{ item.external_domain }}.conf
+      owner: root
+      group: root
+      mode: '0644'
+    with_items: "{{ terminate_ssl }}"
+  - name: Reload nginx service
+    ansible.builtin.systemd_service:
+      state: restarted
+      name: nginx
+      enabled: true