---

- name: Install tls params
  template:
    dest: "/etc/nginx/tls_{{ websites_enabled[0] }}"
    src: tls.j2
    mode: 0600
    owner: http
    group: http

- name: Generate certs
  include_role:
    name: acme_sh
  vars:
    acme_domains: websites_enabled
    acme_dest: /etc/nginx/certs/
    acme_owner: http
    acme_reload_cmd: "systemctl reload nginx || true"

- name: Install nginx websites
  template:
    src: "{{ playbook_dir }}/templates/nginx/{{ item }}.conf"
    dest: "/etc/nginx/conf.d/{{ item }}.conf"
    owner: http
    group: http
    mode: 0600
  ignore_errors: true
  loop: "{{ websites_enabled }}"

- name: reload nginx
  systemd:
    enabled: true
    name: nginx