---
- name: create nginx ssl directory
  become: true
  ansible.builtin.file:
    path: "{{ nginx_path }}/etc/ssl"
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    mode: 0644
    state: directory
  tags: https

- name: stat dhparam
  become: true
  ansible.builtin.stat:
    path: "{{ nginx_path }}/etc/ssl/dhparam.pem"
  register: dhparam
  tags: https

- name: generate openssl dhparam for nginx
  become: true
  ansible.builtin.command: |
    openssl dhparam -out {{ nginx_path }}/ssl/dhparam.pem 2048
  when: not dhparam.stat.exists
  args:
    creates: "{{ nginx_path }}/ssl/dhparam.pem"
  tags: https

- name: template nginx https sites-available
  become: true
  ansible.builtin.template:
    src: "templates/nginx/sites/{{ item }}.j2"
    dest: "{{ nginx_path }}/etc/sites-available/{{ item }}"
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    mode: 0644
  loop:
    - "{{ bookstack_server_name }}.https.conf"
    - "{{ ci_server_name }}.https.conf"
    - "{{ cloud_server_name }}.https.conf"
    - "{{ cloud_skudak_server_name }}.https.conf"
    - "{{ fulfillr_server_name }}.https.conf"
    - "{{ parts_server_name }}.https.conf"
    - "{{ photos_server_name }}.https.conf"
  notify:
    - restorecon podman
    - restart nginx
  tags: https

- name: enable desired nginx https sites
  become: true
  ansible.builtin.file:
    src: "../sites-available/{{ item }}"
    dest: "{{ nginx_path }}/etc/sites-enabled/{{ item }}"
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    state: link
  loop:
    - "{{ bookstack_server_name }}.https.conf"
    - "{{ ci_server_name }}.https.conf"
    - "{{ cloud_server_name }}.https.conf"
    - "{{ cloud_skudak_server_name }}.https.conf"
    - "{{ fulfillr_server_name }}.https.conf"
    - "{{ parts_server_name }}.https.conf"
    - "{{ photos_server_name }}.https.conf"
  notify:
    - restorecon podman
    - restart nginx
  tags: https