---
- name: Create '{{ site.name }}' site plain http configuration
  become: true
  template:
    src:  'templates/nginx/sites-available/http_plain_redirect.conf.j2'
    dest: '/etc/nginx/sites-available/{{ site.name }}_http'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  #when: site.http_plain_template | default(True)
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls https configuration
  become: true
  template:
    src: 'files/nginx/sites/{{ site.name }}_tls.conf'
    dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  #when: not site.redirect_target | default(True)
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls parameter configuration
  become: true
  template:
    src: 'files/nginx/snippets/tls_parameters.snippet.conf'
    dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site tls certificate configuration
  become: true
  template:
    src: 'files/nginx/snippets/tls_certificate.snippet.conf'
    dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create '{{ site.name }}' site logging configuration
  become: true
  template:
    src: 'files/nginx/snippets/logging.snippet.conf'
    dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

#- name: Copy additional per site '{{ site.name }}' snippet files
#  become: true
#  template:
#    src: 'files/nginx/snippets/{{ item }}'
#    dest: '/etc/nginx/snippets/{{ item }}'
#    owner: root
#    group: root
#    mode: 'u=rw,g=r,o=r'
#  with_items: '{{ site.snippets }}'
#  when: site.snippets | default([])
#  notify:
#    - systemctl reload nginx
#  tags:
#    - configuration
#    - nginx
#    - sites

- name: Enable '{{ site.name }}' site plain http configuration
  become: true
  file:
    src: '/etc/nginx/sites-available/{{ site.name }}_http'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
    state: link
  when: site.http_plain_template | default(True)
  notify:
    - systemctl reload nginx

# Note: done by acmetool after sucessfully obtaining a suitable certificate
#- name: Enable '{{ site.name }}' site tls configuration
#  become: true
#  file:
#    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
#    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
#    state: link
#  notify:
#    - systemctl reload nginx