- name: ensure nginx is installed
  package:
    name: nginx
    state: present
  tags:
  - install

- name: ensure nginx is running
  service:
    name: nginx
    state: started
  tags:
  - service

- name: ensure nginx is configured for lego
  copy:
    src: lego.nginx.conf
    dest: /etc/nginx/default.d/lego.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload nginx
  tags:
  - nginx-config

- name: ensure firewall allows http acme challenges
  firewalld:
    service: http
    state: enabled
    immediate: true
  when: host_uses_firewalld|d(true)
  tags:
  - firewalld

- name: flush handlers
  meta: flush_handlers