---

- name: Allow http
  community.general.ufw:
    rule: allow
    port: '80'
    proto: tcp

- name: Allow https
  community.general.ufw:
    rule: allow
    port: '443'
    proto: tcp
  notify:
    - Restart ufw

- name: Install nginx
  ansible.builtin.apt:
    name: nginx
    state: present
  notify:
    - Restart nginx

- name: Download dhparams
  ansible.builtin.get_url:
    url: "{{ dh_params_src }}"
    dest: /etc/nginx/dhparams.pem
    mode: '0755'

- name: Add system nginx config
  ansible.builtin.copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    mode: '0755'

- name: Copy nginx sites
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "/etc/nginx/sites-enabled/"
    mode: '0755'
  with_fileglob:
    - "templates/{{ inventory_hostname }}/*.conf"
  notify:
    - Restart nginx