From c9c669d36aa937ce249f8db804ad7ebd0a7a7a29 Mon Sep 17 00:00:00 2001
From: root <root@Adelyaa.localdomain>
Date: Tue, 8 Jul 2025 23:30:00 +0700
Subject: [PATCH] Add web server playbook

---
 playbooks/web-server.yml | 98 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 playbooks/web-server.yml

diff --git a/playbooks/web-server.yml b/playbooks/web-server.yml
new file mode 100644
index 0000000..e949664
--- /dev/null
+++ b/playbooks/web-server.yml
@@ -0,0 +1,98 @@
+---
+- name: Web Server Deployment
+  hosts: webserver_deployment
+  become: yes
+
+  vars:
+    domain_name: pkl.com
+    ssl_cert_source: files/pkl.com.crt
+    ssl_key_source: files/pkl.com.key
+    ssl_cert_dest: /etc/ssl/certs/pkl.com.crt
+    ssl_key_dest: /etc/ssl/private/pkl.com.key
+    app_source_dir: files/index.html
+    app_target_dir: /var/www/pkl.com
+
+  tasks:
+
+    - name: Install Nginx
+      apt:
+        name: nginx
+        state: present
+        update_cache: yes
+      when: ansible_distribution in "Ubuntu"
+
+    - name: Start Nginx service
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
+    - name: Create web root directory
+      file:
+        path: "{{ app_target_dir }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+    - name: Deploy index.html to web root
+      copy:
+        src: index.html
+        dest: "{{ app_target_dir }}/index.html"
+        owner: www-data
+        group: www-data
+        mode: '0644'
+
+    - name: Copy SSL certificate
+      copy:
+        src: "{{ ssl_cert_source }}"
+        dest: "{{ ssl_cert_dest }}"
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Copy SSL key
+      copy:
+        src: "{{ ssl_key_source }}"
+        dest: "{{ ssl_key_dest }}"
+        owner: root
+        group: root
+        mode: '0600'
+
+    - name: Create a custom configuration file for Nginx
+      template:
+        src: templates/nginx.conf.j2
+        dest: /etc/nginx/sites-available/default
+        owner: root
+        group: root
+        mode: '0644'
+      notify: Restart Nginx
+
+    - name: Enable the new Nginx site
+      file:
+        src: /etc/nginx/sites-available/default
+        dest: /etc/nginx/sites-enabled/default
+        state: link
+        force: yes
+      notify: Restart Nginx
+      when: ansible_distribution == "Ubuntu"
+
+    - name: Allow HTTP and HTTPS through UFW
+      ufw:
+        rule: allow
+        port: "{{ item }}"
+        proto: tcp
+      loop:
+        - "80"
+        - "443"
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+  handlers:
+  - name: Restart Nginx
+    service:
+      name: nginx
+      state: restarted