sync roles with changes from OWS

roles/nginx/tasks/main.yml

@@ -1,4 +1,15 @@
 ---
+
+- name: Set architecture alias
+  set_fact:
+    architecture_alias: "amd64"  # noqa: var-naming[no-role-prefix]
+  when: ansible_architecture == "x86_64"
+
+- name: Set architecture alias
+  set_fact:
+    architecture_alias: "arm64"  # noqa: var-naming[no-role-prefix]
+  when: ansible_architecture == "aarch64"
+
 - name: Add Nginx GPG apt Key
   apt_key:
     url: https://nginx.org/keys/nginx_signing.key
@@ -7,7 +18,7 @@
 
 - name: Add Nginx Mainline Repository
   apt_repository:
-    repo: "deb [arch={{ deb_architecture }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+    repo: "deb [arch={{ architecture_alias }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
           http://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} nginx"
     state: present
     update_cache: true
@@ -41,4 +52,16 @@
   get_url:
     url: https://github.com/internetstandards/dhe_groups/raw/main/ffdhe4096.pem
     dest: "{{ nginx_ssl_dhparam }}"
+    mode: "0644"
+  register: nginx_ffdhe4096_download_file
+  until: nginx_ffdhe4096_download_file is succeeded
+  retries: 3
+  delay: 5
+  notify: Reload nginx
+
+- name: Set nginx user to www-data
+  replace:
+    path: /etc/nginx/nginx.conf
+    regexp: "user  nginx;"
+    replace: "user  www-data;"
   notify: Reload nginx

roles/nginx/vars/main.yml

@@ -1,5 +1,7 @@
 ---
 
+nginx_user: "www-data"
+nginx_group: "www-data"
 nginx_ssl_ciphers: "ALL:!AES128:!CAMELLIA128:!CAMELLIA:!ARIA128:!RSA:!SEED:!aNULL:!eNULL:!EXPORT:\
                     !DES:!RC4:!3DES:!MD5:!PSK:!DHE-RSA-AES256:!ECDHE-RSA-AES256-SHA384:\
                     !DHE-RSA-AES256-SHA256:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-SHA:@STRENGTH"