{{ ansible_managed | comment }}

include "/etc/nginx/snippets/connection_upgrade.conf";

server {
	listen 80;
	listen [::]:80;

	server_name {{ item.from }};
	# Redirect to https
	location / {
		return 302 https://$host$request_uri;
	}

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# FLoC you google
	add_header Permissions-Policy interest-cohort=();

	# "A man is not dead while his name is still spoken." -- Going Postal
	add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	ssl_certificate /etc/nginx/certs/{{ item.from }}.crt;
	ssl_certificate_key /etc/nginx/certs/{{ item.from }}.key;


	server_name {{ item.from }};

	# Logs
	access_log /var/log/nginx/{{ item.from }}.log;
	error_log /var/log/nginx/{{ item.from }}_error.log;

    location ~ /\.git {
        return 404;
    }

	location / {
		root {{ item.folder }};
		try_files $uri $uri.html $uri/index.html 404;
	}

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# FLoC you google
	add_header Permissions-Policy interest-cohort=();

	# "A man is not dead while his name is still spoken." -- Going Postal
	add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
}