Using your configuration above Trellis/ansible generates nginx configuration.
You can check the resulting nginx configuration on the actual server after the playbook has been applied.
There are nginx blocks for redirecting from non-www to www and also one for redirecting from non-https to https. You have to ensure that the block for redirecting from non-https to https takes precedence over the other blocks for that site. For making this permanent you will have to adjust your Trellis project and change the nginx template.
This seems to improve security - on the other hand it also seems to add a performance penalty as now two redirects are required in the worst case: One from non-https to https, then one from non-ww to www (for example).