- name: Include Debian-specific tasks
  ansible.builtin.include_tasks: debian.yml
  when: ansible_os_family == "Debian"

- name: Include Rocky Linux-specific tasks
  ansible.builtin.include_tasks: rocky.yml
  when: ansible_os_family == "RedHat"

- name: Install docker-compose .env
  ansible.builtin.template:
    src: compose-env.j2
    dest: "{{ webserver_root }}/.env"
    mode: "600"
  notify: composeup_webserver

- name: Allow MariaDB database connections
  community.general.ufw:
    rule: allow
    port: 3306
    proto: tcp
    src: "{{ item }}"
  loop: "{{ mariadb_trust }}"

- name: Add HTTP and HTTPS firewall rule
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - "80"
    - "443"