[
	{
		"name": "install packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"lighttpd",
				"lighttpd-mod-openssl"
			]
		}
	},
	{
		"name": "activate openssl module | file",
		"become": true,
		"ansible.builtin.template": {
			"src": "10-ssl-custom.conf.j2",
			"dest": "/etc/lighttpd/conf-available/10-ssl-custom.conf"
		}
	},
	{
		"name": "activate openssl module | link",
		"become": true,
		"ansible.builtin.file": {
			"state": "link",
			"src": "/etc/lighttpd/conf-available/10-ssl-custom.conf",
			"dest": "/etc/lighttpd/conf-enabled/10-ssl-custom.conf"
		}
	},
	{
		"name": "ufw | check",
		"check_mode": true,
		"become": true,
		"community.general.ufw": {
			"state": "enabled"
		},
		"register": "ufw_enable_check"
	},
	{
		"name": "ufw | allow port 80",
		"when": "not ufw_enable_check.changed",
		"become": true,
		"community.general.ufw": {
			"rule": "allow",
			"port": "80",
			"proto": "tcp"
		}
	},
	{
		"name": "ufw | allow port 443",
		"when": "not ufw_enable_check.changed",
		"become": true,
		"community.general.ufw": {
			"rule": "allow",
			"port": "443",
			"proto": "tcp"
		}
	},
	{
		"name": "restart service",
		"become": true,
		"ansible.builtin.systemd_service": {
			"state": "restarted",
			"name": "lighttpd"
		}
	}
]