---
- name: "Create site plain http configuration for '{{ site.name }}'"
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
    dest: '/etc/nginx/sites-available/{{ site.name }}_http'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: "Create site tls https configuration for '{{ site.name }}'"
  become: true
  ansible.builtin.template:
    src: 'files/nginx/sites/{{ site.name }}_tls.conf'
    dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: "Create site tls parameter configuration for '{{ site.name }}'"
  become: true
  ansible.builtin.template:
    src: 'files/nginx/snippets/tls_parameters.snippet.conf'
    dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: "Create site tls certificate configuration '{{ site.name }}'"
  become: true
  ansible.builtin.template:
    src: 'files/nginx/snippets/tls_certificate.snippet.conf'
    dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: "Create site logging configuration '{{ site.name }}'"
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/snippets/logging.snippet.conf.j2'
    dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - Run systemctl reload nginx

- name: "Enable site plain http configuration '{{ site.name }}'"
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_http'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
    state: link
  when: site.http_plain_template | default(True)
  notify:
    - Run systemctl reload nginx

# Note: done by acmetool after sucessfully obtaining a suitable certificate
- name: "Enable site tls configuration '{{ site.name }}'"
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
    state: link
  notify:
    - Run systemctl reload nginx
  when: not nginx__acmetool_enabled