From 1349ce9c19314aa1869157e7366ac2de02d4ec65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?=
 <1536672+cdesiles@users.noreply.github.com>
Date: Sun, 21 Dec 2025 22:26:24 +0100
Subject: [PATCH] fix: defaulting to nginx vars

---
 roles/static-web/tasks/main.yml                | 2 +-
 roles/static-web/templates/nginx-vhost.conf.j2 | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/static-web/tasks/main.yml b/roles/static-web/tasks/main.yml
index 3612a86..b4fb50f 100644
--- a/roles/static-web/tasks/main.yml
+++ b/roles/static-web/tasks/main.yml
@@ -55,7 +55,7 @@
 - name: Deploy nginx vhost configurations
   ansible.builtin.template:
     src: nginx-vhost.conf.j2
-    dest: "{{ nginx_conf_dir }}/{{ item.key }}.conf"
+    dest: "{{ nginx_conf_dir | default('/etc/nginx/conf.d') }}/{{ item.key }}.conf"
     owner: root
     group: root
     mode: "0644"
diff --git a/roles/static-web/templates/nginx-vhost.conf.j2 b/roles/static-web/templates/nginx-vhost.conf.j2
index 561b8e2..3c70ab0 100644
--- a/roles/static-web/templates/nginx-vhost.conf.j2
+++ b/roles/static-web/templates/nginx-vhost.conf.j2
@@ -28,8 +28,8 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/{{ hostname }}/privkey.pem;
 
     # SSL configuration
-    ssl_protocols {{ nginx_ssl_protocols }};
-    ssl_prefer_server_ciphers {{ 'on' if nginx_ssl_prefer_server_ciphers else 'off' }};
+    ssl_protocols {{ nginx_ssl_protocols | default('TLSv1.3') }};
+    ssl_prefer_server_ciphers on;
 {% endif %}
 
     # Document root
@@ -51,7 +51,7 @@ server {
 {% endif %}
 
     # Logging
-{% if nginx_log_backend == 'journald' %}
+{% if nginx_log_backend | default('journald') == 'journald' %}
     access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_{{ hostname | replace('.', '_') | replace('-', '_') }};
     error_log syslog:server=unix:/dev/log,nohostname,tag=nginx_{{ hostname | replace('.', '_') | replace('-', '_') }};
 {% else %}