---
# Per-vhost nginx tasks driven by the `nginx_vhost` mapping.
# Keys read here: name, hostnames, and optionally tls.certificate_provider,
# template, content and mode.
#
# NOTE(review): `nginx_vhost.name` is interpolated into destination paths
# under /etc/nginx without any check in this file. It is presumably a plain
# file name taken from trusted inventory. Confirm against the caller.

# Runs the provider's "prepare" role before any vhost config is installed.
# NOTE(review): going by the task name, this presumably puts a placeholder
# certificate in place so nginx can load a TLS vhost before the real
# certificate is issued. Confirm in the x509 role.
- name: ensure certificate exists (fake it, until you make it)
  include_role:
    name: "x509/{{ nginx_vhost.tls.certificate_provider }}/cert/prepare"
    # public: true exposes the role's vars and defaults to later tasks.
    public: true
  vars:
    x509_certificate_name: "{{ nginx_vhost.name }}"
    x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
    x509_notify_on_change: reload nginx
  when: "'tls' in nginx_vhost"

# Renders "<template>.conf.j2" into sites-available.
# With no `nginx_vhost.mode`, the mode argument is omitted, so a newly
# created file gets permissions from the remote umask. Set `mode` explicitly
# for vhosts whose config embeds credentials.
- name: install nginx configs from template
  template:
    src: "{{ nginx_vhost.template }}.conf.j2"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    mode: "{{ nginx_vhost.mode | default(omit) }}"
  notify: reload nginx
  when: "'template' in nginx_vhost"

# Writes inline config data to the same destination as the template task.
# The two conditions are independent: if both `template` and `content` are
# set, both tasks run and this one writes last. The same umask caveat
# applies when `mode` is omitted.
- name: install nginx configs from config data
  copy:
    content: "{{ nginx_vhost.content }}"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    mode: "{{ nginx_vhost.mode | default(omit) }}"
  notify: reload nginx
  when: "'content' in nginx_vhost"

# Unconditional: the link is requested whether or not one of the install
# tasks above ran. The relative `src` is stored as the link target, so it
# resolves from /etc/nginx/sites-enabled to ../sites-available/<name>.
- name: enable vhost config
  file:
    src: "../sites-available/{{ nginx_vhost.name }}"
    dest: "/etc/nginx/sites-enabled/{{ nginx_vhost.name }}"
    state: link
  notify: reload nginx

# Second phase of certificate handling, only for vhosts with a `tls` key.
# The task name says "acme", but the role that runs is selected by
# `nginx_vhost.tls.certificate_provider`.
- name: generate acme certificate
  when: "'tls' in nginx_vhost"
  block:
    # flush_handlers runs every handler notified so far, not only
    # "reload nginx", so the new vhost is live before "finalize" runs.
    - name: make sure nginx config has been (re)loaded
      meta: flush_handlers

    # Same variables as the "prepare" call above, without `public`.
    - name: actually request the certificate
      include_role:
        name: "x509/{{ nginx_vhost.tls.certificate_provider }}/cert/finalize"
      vars:
        x509_certificate_name: "{{ nginx_vhost.name }}"
        x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
        x509_notify_on_change: reload nginx