---
- name: Create '{{ site.name }}' site plain http configuration
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
    dest: '/etc/nginx/sites-available/{{ site.name }}_http'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls https configuration
  become: true
  ansible.builtin.template:
    src: 'files/nginx/sites/{{ site.name }}_tls.conf'
    dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls parameter configuration
  become: true
  ansible.builtin.template:
    src: 'files/nginx/snippets/tls_parameters.snippet.conf'
    dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls certificate configuration
  become: true
  ansible.builtin.template:
    src: 'files/nginx/snippets/tls_certificate.snippet.conf'
    dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site logging configuration
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/snippets/logging.snippet.conf.j2'
    dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Enable '{{ site.name }}' site plain http configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_http'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
    state: link
  when: site.http_plain_template | default(True)
  notify:
    - systemctl reload nginx

# Note: done by acmetool after sucessfully obtaining a suitable certificate
- name: Enable '{{ site.name }}' site tls configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
    state: link
  notify:
    - systemctl reload nginx
  when: not nginx__acmetool_enabled