From 4ac40b98985711d127f1360a166b3619ccb88e6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?= <1536672+cdesiles@users.noreply.github.com>
Date: Tue, 5 May 2026 22:56:08 +0200
Subject: [PATCH] fix: nginx defaults override on archlinux
---
 roles/nginx/tasks/main.yml | 6 ++++
 roles/nginx/templates/vhost-acme.conf.j2 | 41 ------------------------
 2 files changed, 6 insertions(+), 41 deletions(-)
 delete mode 100644 roles/nginx/templates/vhost-acme.conf.j2
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index be19bdf..2a8a18d 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -56,6 +56,12 @@
 state: started
 when: acme_email is defined
 
+- name: Remove default nginx vhost (Arch ships one that conflicts)
+ ansible.builtin.file:
+ path: "{{ nginx_conf_dir }}/default.conf"
+ state: absent
+ notify: Reload nginx
+
 - name: Ensure nginx conf.d directory exists
 ansible.builtin.file:
 path: "{{ nginx_conf_dir }}"
diff --git a/roles/nginx/templates/vhost-acme.conf.j2 b/roles/nginx/templates/vhost-acme.conf.j2
deleted file mode 100644
index 4a8d426..0000000
--- a/roles/nginx/templates/vhost-acme.conf.j2
+++ /dev/null
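Review bot: The new `Remove default nginx vhost` task has no `when:` guard, so it deletes `{{ nginx_conf_dir }}/default.conf` on every host the role runs on, although its name says the conflict is specific to Arch. A condition such as `when: ansible_facts['os_family'] == 'Archlinux'` would keep it from removing a `default.conf` that another distribution's package or an operator placed there on purpose. Removing the packaged default also changes which server block answers requests whose Host header matches no vhost: nginx then falls back to the first server defined for that listen socket, which may be an application vhost. If the role does not already template a catch-all `default_server` (not visible in this hunk), it is worth adding one that rejects unmatched hosts, for example with `return 444;`. The `Reload nginx` handler and the rest of the task list, including the end of the following `Ensure nginx conf.d directory exists` task, are outside the hunk.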
@@ -1,41 +0,0 @@
-# HTTPS vhost with Let's Encrypt (Certbot) for {{ server_name }}
-# Managed by Ansible - DO NOT EDIT MANUALLY
-
-server {
- listen 80;
- server_name {{ server_name }};
-
- # Certbot webroot for ACME challenges
- location /.well-known/acme-challenge/ {
- root /var/www/certbot;
- }
-
- # Redirect to HTTPS
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl;
- server_name {{ server_name }};
-
- # Let's Encrypt certificates (managed by Certbot)
- ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem;
-
- # SSL configuration
- ssl_protocols {{ nginx_ssl_protocols }};
- ssl_prefer_server_ciphers on;
-
-{% if nginx_log_backend == 'journald' %}
- access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_{{ server_name | replace('.', '_') }};
- error_log syslog:server=unix:/dev/log,nohostname,tag=nginx_{{ server_name | replace('.', '_') }};
-{% else %}
- access_log /var/log/nginx/{{ server_name }}_access.log main;
- error_log /var/log/nginx/{{ server_name }}_error.log;
-{% endif %}
-
- # Service-specific configuration included below
- {{ vhost_config | default('') }}
-}