---
- name: ensure certificate exists (fake it, until you make it)
  when: "'acme' in nginx_vhost  and  nginx_vhost.acme"
  import_role:
    name: x509/acmetool/cert/prepare
  vars:
    acmetool_cert_name: "{{ nginx_vhost.name }}"
    acmetool_cert_hostnames: "{{ nginx_vhost.hostnames }}"

- name: install nginx configs from template
  when: "'template' in nginx_vhost"
  template:
    src: "{{ nginx_vhost.template }}.conf.j2"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    mode: "{{ nginx_vhost.mode | default(omit) }}"
  notify: reload nginx

- name: install nginx configs from config data
  when: "'content' in nginx_vhost"
  copy:
    content: "{{ nginx_vhost.content }}"
    dest: "/etc/nginx/sites-available/{{ nginx_vhost.name }}"
    mode: "{{ nginx_vhost.mode | default(omit) }}"
  notify: reload nginx

- name: enable vhost config
  file:
    src: "../sites-available/{{ nginx_vhost.name }}"
    dest: "/etc/nginx/sites-enabled/{{ nginx_vhost.name }}"
    state: link
  notify: reload nginx

- name: generate acme certificate
  when: "'acme' in nginx_vhost  and  nginx_vhost.acme"
  block:
  - name: make sure nginx config has been (re)loaded
    meta: flush_handlers

  - name: actually request the certificate
    import_role:
      name: x509/acmetool/cert/finalize
    vars:
      acmetool_cert_name: "{{ nginx_vhost.name }}"
      acmetool_cert_hostnames: "{{ nginx_vhost.hostnames }}"