Optional IPv6 in nginx confs

roles/base/handlers/main.yml

@@ -7,7 +7,9 @@
 
 - name: Reconfigure locales
   ansible.builtin.command: dpkg-reconfigure -f noninteractive locales
+  changed_when: false
   listen: reconfigure_locales
+  when: not ansible_check_mode
 
 - name: Restart WireGuard
   ansible.builtin.service:

roles/proxy/defaults/main.yml

@@ -1 +1 @@
-cached_dhparams_pem: /vagrant/scratch/dhparams.pem
+proxy_cached_dhparams_pem: /vagrant/scratch/dhparams.pem

roles/proxy/tasks/main.yml

@@ -12,12 +12,12 @@
 
 - name: Check for cached dhparams.pem file
   ansible.builtin.stat:
-    path: "{{ cached_dhparams_pem }}"
+    path: "{{ proxy_cached_dhparams_pem }}"
   register: dhparams_file
 
 - name: Copy cached dhparams.pem to /etc/ssl/
   ansible.builtin.copy:
-    src: "{{ cached_dhparams_pem }}"
+    src: "{{ proxy_cached_dhparams_pem }}"
     dest: /etc/ssl/dhparams.pem
     mode: "600"
     remote_src: true

roles/proxy/templates/server-nginx.conf.j2

@@ -1,13 +1,17 @@
 server {
   listen 80;
+{% if proxy.ipv6 is defined and proxy.ipv6 %}
   listen [::]:80;
+{% endif %}
   server_name {{ item.domain }};
   return 301 https://{{ item.domain }}$request_uri;
 }
 
 server {
   listen              443      ssl http2;
+{% if proxy.ipv6 is defined and proxy.ipv6 %}
   listen              [::]:443 ssl http2;
+{% endif %}
   server_name         {{ item.domain }};
   access_log          /var/log/nginx/{{ item.domain }}.log main;
 {% if proxy.production is defined and proxy.production and proxy.dns_cloudflare.wildcard_domains is defined and item.tls.cert is not defined %}