{{ ansible_managed | comment }}

{# helper variables and per-site defaults that we can't set in role defaults #}
{% set domain_name    = item.domain_name %}
{% set domain_aliases = item.domain_aliases | default("") %}
{# assume optional features are off unless a vhost explicitly sets them #}
{% set has_wordpress  = item.has_wordpress | default(false) %}
{% set needs_php      = item.needs_php | default(false) %}
{% set has_gitea      = item.has_gitea | default(false) %}
{% set static_site    = item.static_site | default(false) %}

{% if domain_aliases %}
{#   domain_aliases is a string, so we split on space #}
{%   for domain in domain_aliases | split (' ') %}
{{ domain }} {
    redir https://{{domain_name}}{uri}
}
{%   endfor %}
{% endif %}

{{ domain_name }} {
    {% if has_gitea %}
    reverse_proxy :3000
    {% endif %}

    {% if static_site -%}
    root * {{ item.document_root }}

    encode zstd gzip

    file_server
    {% endif %}

    import security-headers
}