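# Install the TLS certificate and private key for nginx.
# Both copy tasks are gated on their own flag (nginx_tls_source_use_content /
# nginx_tls_source_use_files); the whole block runs as root.
- block:
    - name: Create tls folder structure
      file:
        path: "{{ item }}"
        state: directory
        # Quoted octal string. A bare 700 is read as the decimal integer 700,
        # which does not produce rwx------ on the directories.
        mode: '0700'
      with_items:
        - "{{ nginx_tls_certs_dir }}"
        - "{{ nginx_tls_key_dir }}"

    # Here nginx_tls_key_source / nginx_tls_cert_source hold the PEM text
    # itself, so the private key lives in a variable; it should come from an
    # encrypted source rather than plain-text vars.
    - name: Copy certs and private key (content)
      copy:
        content: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      with_items:
        - src: "{{ nginx_tls_key_source }}"
          dest: '{{ nginx_tls_key_file }}'
          mode: '0600'
        # NOTE(review): a certificate is public data and needs no execute bit;
        # '0644' would be the usual mode - confirm nothing relies on '0750'.
        - src: "{{ nginx_tls_cert_source }}"
          dest: '{{ nginx_tls_cert_file }}'
          mode: '0750'
      loop_control:
        # Show only the destination path per item, never the key material.
        label: "{{ item.dest }}"
      # Keep the key out of the output when the play is run with --diff.
      diff: false
      notify: __nginx_reload
      when: nginx_tls_source_use_content

    # Same as above, but the *_source variables are paths to files to copy.
    - name: Copy certs and private key (files)
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      with_items:
        - src: "{{ nginx_tls_key_source }}"
          dest: '{{ nginx_tls_key_file }}'
          mode: '0600'
        # NOTE(review): see the cert mode remark on the content task.
        - src: "{{ nginx_tls_cert_source }}"
          dest: '{{ nginx_tls_cert_file }}'
          mode: '0750'
      loop_control:
        label: "{{ item.dest }}"
      # Keep the key out of the output when the play is run with --diff.
      diff: false
      notify: __nginx_reload
      when: nginx_tls_source_use_files
  become: true
  become_user: root

# Generate Diffie-Hellman parameters once, only when nginx_pfs_enabled is set.
- block:
    - name: Register dhparam file
      stat:
        path: "{{ nginx_dhparam_file }}"
      register: __nginx_dh_file

    - name: Generate Diffie-Hellman parameter file
      # command instead of shell: no pipes, redirects or expansion are needed,
      # so the templated values are not handed to a shell for interpretation.
      command: "/usr/bin/openssl dhparam -out '{{ nginx_dhparam_file }}' {{ nginx_dhparam_size }}"
      # Generation can be slow: allow up to 3600 s, checking every 60 s.
      async: 3600
      poll: 60
      # Skip when the file is already present so reruns stay idempotent.
      when: not __nginx_dh_file.stat.exists
      notify: __nginx_reload
  become: true
  become_user: root
  when: nginx_pfs_enabled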