---
nginx_config_path: /etc/nginx

nginx_site_config_template: "nginx-site.conf.j2"
nginx_site_config_path: /etc/nginx/sites-available
nginx_site_enabled_path: /etc/nginx/sites-enabled
nginx_site_enabled_by_default: true
nginx_snippets_path: /etc/nginx/snippets
nginx_conf_d_path: /etc/nginx/conf.d
nginx_delete_default_site_config: false
nginx_site_config_extra_options: ""

# Default SSL cert used by all sites unless overridden per-site
# via item.ssl_certificate / item.ssl_certificate_key. Points at the
# Debian snakeoil cert (shipped by the ssl-cert package, an nginx dep)
# so the role works out of the box; override for real deployments.
nginx_ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
nginx_ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key

# DNS resolver used by ssl_stapling and any proxy_pass with hostnames.
# Defaults to systemd-resolved's stub (present on modern Debian/Ubuntu).
# Override with your local resolver (e.g. "192.168.1.5 valid=300s").
nginx_resolver: "127.0.0.53 valid=300s"
nginx_resolver_timeout: "5s"

nginx_snippets:
  - proxy-headers.conf
  - ssl-params.conf
  - websockets.conf
  - fastcgi-php.conf

nginx_conf_d_templates:
  - resolver.conf

nginx_sites:

  - name: default
    template_path: "site-configs/default.conf.j2"