---

allow_duplicates: no

dependencies:
  - role: nginx/server
    domain: "{{ inventory_hostname }}"
    listen_directives: |
      listen 443 ssl http2 default_server;
      listen [::]:443 ssl http2 default_server;
    directives: |
      location / {
        return 404;
      }
      location = /status {
        stub_status;
        allow 127.0.0.1/8;
        allow ::1;
        allow {{ global_wireguard_ipv4_range }};
        deny all;
      }