---
- name: Create '{{ site.name }}' site plain http configuration
  become: true
  ansible.builtin.template:
    src: '{{ item }}'
    dest: '/etc/nginx/sites-available/{{ site.name }}_http'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  with_first_found:
    - files:
        - 'files/nginx/sites/{{ site.name }}_http.conf'
        - 'files/nginx/sites-available/vhost_http_redirect.conf.j2'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls https configuration
  become: true
  ansible.builtin.template:
  template:
    src: '{{ item }}'
    dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  with_first_found:
    - files:
        - 'files/nginx/sites/{{ site.name }}_tls.conf'
        - 'files/nginx/sites-available/vhost_tls.conf.j2'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls parameter configuration
  become: true
  ansible.builtin.template:
    src: '{{ item }}'
    dest: '/etc/nginx/snippets/{{ site.name }}{{ item | basename }}'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  with_items: "{{ lookup('hfg', 'nginx/snippets/_*_site.snippet.conf', wantlist=True) }}"
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls certificate configuration
  become: true
  ansible.builtin.template:
  template:
    src: '{{ item }}'
    dest: '/etc/nginx/snippets/{{ item | basename }}'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  with_items: "{{ lookup('hfg', 'nginx/snippets/' + site.name + '_*_site.snippet.conf', wantlist=True) }}"
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site logging configuration
  become: true
  ansible.builtin.template:
    src: 'templates/nginx/snippets/logging.snippet.conf.j2'
    dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Enable '{{ site.name }}' site plain http configuration
  become: true
  ansible.builtin.file:
  file:
    src: '/etc/nginx/sites-available/{{ site.name }}_http'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
    state: link
  notify:
    - systemctl reload nginx
  tags:
    - configuration
    - nginx
    - sites


# Note: Normally done by acmetool after sucessfully obtaining a suitable certificate
- name: Enable '{{ site.name }}' site tls configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
    state: link
  notify:
    - systemctl reload nginx
  when: nginx__disable_acmetool
  tags:
    - configuration
    - nginx
    - sites