- block:
    - name: fail if more than one reverse proxy config was collected
      fail:
        msg: more than one reverse proxy config was collected, this is not supported yet
      when: rproxy_collected_configs | length > 1


    - name: install nginx
      include_role:
        name: nginx
      vars:
        nginx:
          servers:
            - conf: rproxy_collected_configs[0].nginx_rproxy
          certs: "{{ host_tls }}"
          acme_server: "{{ (rproxy_collected_configs[0].acme | d({}))['server'] | d(None) }}"
      when: reverse_proxy_type == 'nginx'


    - name: install caddy
      include_role:
        name: caddy
      vars:
        caddy_config: "{{ rproxy_collected_configs[0].caddy | d({}) }}"
        caddy_reverse_proxy_handlers: "{{ rproxy_collected_configs[0].caddy_rproxy | d([]) }}"
        caddy_acme_config: "{{ rproxy_collected_configs[0].acme | d({}) }}"
      when: reverse_proxy_type == 'caddy'


    - name: add firewall entries
      include_role:
        name: iptables
        tasks_from: add.yml
      vars:
        firewall_config:
          filter:
            input:
              - { protocol: tcp, dst_port: "{{ [80, 443] if host_tls else [80] }}", action: accept }
              - { protocol: udp, dst_port: "{{ [80, 443] if host_tls else [80] }}", action: accept }

  when: rproxy_collected_configs is defined and rproxy_collected_configs | length > 0
    and role_use_reverse_proxy | d(true) == true