- block:
  - name: Copy tls certificate
    copy:
      content: "{{ nginx_tls_cert }}"
      dest: "{{ nginx_tls_cert_file }}"
      owner: root
      group: root
      mode: 0644
    notify:
      - nginx_reload

  - name: Copy ssl intermediate cert
    copy:
      content: "{{ nginx_tls_intermediate_ca }}"
      dest: "{{ nginx_tls_intermediate_ca_file }}"
      owner: root
      group: root
      mode: 0644
    notify:
      - nginx_reload

  - name: Copy tls private key
    copy:
      content: "{{ nginx_tls_private_key }}"
      dest: "{{ nginx_tls_private_key_file }}"
      owner: root
      group: root
      mode: 0600
    notify:
      - nginx_reload
  become: True
  become_user: root
  when: nginx_tls_enabled

- block:
  - name: Register dhparam file
    stat:
      path: "{{ nginx_dhparam_file }}"
    register: dh_file

  - name: Generate Diffie-Hellman parameter file
    shell: "/usr/bin/openssl dhparam -out '{{ nginx_dhparam_file }}' {{ nginx_dhparam_size }}"
    async: 3600
    poll: 60
    when: not dh_file.stat.exists
    notify:
      - nginx_reload
  become: True
  become_user: root
  when: nginx_pfs_enabled

- block:
  - name: Add default page
    template:
      src: 'var/www/vhosts/default/index.html.j2'
      dest: '/var/www/vhosts/default/index.html'
      owner: nginx
      group: nginx
      mode: 0750
  become: True
  become_user: nginx