- block:
  - name: Include dependency 'sys-svc-webserver-https'
    include_role:
      name: sys-svc-webserver-https
    when: run_once_sys_svc_webserver_https is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_sys_stk_front_proxy is not defined

- include_tasks: "02_cloudflare.yml"
  when: DNS_PROVIDER == "cloudflare"

- include_tasks: "{{ [ playbook_dir, 'tasks/utils/load_handlers.yml' ] | path_join }}"
  vars:
    handler_role_name: "svc-prx-openresty"

- name: "include role for '{{ domain }}' to receive certificates and do the modification routines"
  include_role:
    name: sys-util-csp-cert

- name: "Copy nginx config to '{{ FRONT_PROXY_DOMAIN_CONF_DST }}'"
  template:
    src:  "{{ FRONT_PROXY_DOMAIN_CONF_SRC }}"
    dest: "{{ FRONT_PROXY_DOMAIN_CONF_DST }}"
  register: nginx_conf
  notify: restart openresty

- block:
  - name: "Check if {{ domains | get_domain(application_id) }} is reachable (only if config unchanged)"
    uri:
      url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
    register: site_check
    failed_when: false
    changed_when: false

  - name: Restart nginx if site is down
    command:
      cmd: "true"
    notify: restart openresty
    when:
    - site_check.status is defined
    - not site_check.status in [200,301,302]
  when: not nginx_conf.changed