feat(back): Ansible config to deploy website with certbot

site.yml

@@ -0,0 +1,138 @@
+---
+- name: Déploiement application PHP avec Nginx + SSL via Certbot
+  hosts: workManager
+  become: true
+
+  vars:
+    web_root: /var/www/html
+    php_version: "8.3"
+    domain: workmanager.aurianeschmitt.fr
+    email_ssl: auriane.geaischmitt@viacesi.fr
+
+  tasks:
+    # ---------------------------------------------------
+    # 1️⃣ Système : mise à jour et packages
+    # ---------------------------------------------------
+    - name: Mise à jour du cache APT
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Installer Nginx et PHP
+      apt:
+        name:
+          - nginx
+          - php{{ php_version }}
+          - php{{ php_version }}-fpm
+          - php{{ php_version }}-cli
+          - php{{ php_version }}-common
+          - php{{ php_version }}-curl
+          - php{{ php_version }}-mbstring
+          - php{{ php_version }}-xml
+          - php{{ php_version }}-zip
+          - php{{ php_version }}-mysql
+          - certbot
+          - python3-certbot-nginx
+        state: present
+
+    - name: S'assurer que PHP-FPM est démarré
+      service:
+        name: php{{ php_version }}-fpm
+        state: started
+        enabled: yes
+
+    # ---------------------------------------------------
+    # 2️⃣ Nginx HTTP seulement (pré-Certbot)
+    # ---------------------------------------------------
+    - name: Supprimer le site nginx par défaut
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+      notify: reload nginx
+
+    - name: Configurer Nginx HTTP temporaire
+      copy:
+        dest: '/etc/nginx/sites-available/{{ domain }}'
+        content: |
+          server {
+              listen 80;
+              server_name {{ domain }};
+              root {{ web_root }};
+
+              index index.php index.html;
+
+              location / {
+                  try_files $uri $uri/ /index.php?$query_string;
+              }
+
+              location ~ \.php$ {
+                  include snippets/fastcgi-php.conf;
+                  fastcgi_pass unix:/run/php/php{{ php_version }}-fpm.sock;
+              }
+
+              location ~ /\.ht {
+                  deny all;
+              }
+          }
+      notify: reload nginx
+
+    - name: Activer le site
+      file:
+        src: '/etc/nginx/sites-available/{{ domain }}'
+        dest: '/etc/nginx/sites-enabled/{{ domain }}'
+        state: link
+      notify: reload nginx
+
+    # ---------------------------------------------------
+    # 3️⃣ Contenu Web
+    # ---------------------------------------------------
+    - name: Supprimer l'ancien contenu web
+      file:
+        path: "{{ web_root }}"
+        state: absent
+
+    - name: Recréer le dossier web
+      file:
+        path: "{{ web_root }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+    - name: Copier le dossier out vers le serveur
+      copy:
+        src: out/
+        dest: "{{ web_root }}"
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+    # ---------------------------------------------------
+    # 4️⃣ Certificat SSL via plugin Nginx
+    # ---------------------------------------------------
+    - name: Générer SSL et configurer HTTPS avec Certbot
+      command: >
+        certbot --nginx
+        -d {{ domain }}
+        --non-interactive 
+        --agree-tos
+        --redirect
+        --email {{ email_ssl }}
+      args:
+        creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem
+      notify: reload nginx
+
+    # # ---------------------------------------------------
+    # # 5️⃣ Renouvellement automatique
+    # # ---------------------------------------------------
+    - name: Activer le timer Certbot pour renouvellement automatique
+      systemd:
+        name: certbot.timer
+        enabled: yes
+        state: started
+
+  handlers:
+    - name: reload nginx
+      service:
+        name: nginx
+        state: reloaded