---
- name: Create default site plain http configuration
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/sites-available/default_http.j2'
    dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: Create default site tls https configuration
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/sites-available/default_tls.j2'
    dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: Enable default site plain http configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
    dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
    state: link
  notify:
    - Run systemctl reload nginx

# Note: Done by acmetool after sucessfully obtaining a suitable certificate
- name: Enable default site configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
    dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
    state: link
  notify:
    - Run systemctl reload nginx
  when: not nginx__acmetool_enabled