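---
# Install and configure nginx from the merged `nginx_defaults` / `nginx`
# dictionaries. The `restart nginx` handler is defined outside this file.
#
# Changes versus the previous revision:
#   * file modes are quoted strings ("0600") so YAML cannot re-type them;
#   * `yes`/`no` booleans are written as `true`/`false`;
#   * the "template server configs" condition no longer evaluates
#     `item.conf == None` on an undefined `item.conf` (Ansible's strict
#     undefined raises on `==`, so a server entry with only `name` set
#     failed the whole task run instead of being templated).

- name: set nginx_cfg
  set_fact:
    # Host-level `nginx` overrides the role defaults; `recursive=true` merges
    # nested dictionaries key by key instead of replacing them wholesale.
    nginx_cfg: "{{ nginx_defaults | d({}) | combine(nginx | d({}), recursive=true) }}"

- name: install nginx and dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - nginx
      - alpine: nginx-openrc
  notify: restart nginx

- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ nginx_cfg.user }}"
      group: "{{ nginx_cfg.group }}"
  # Only Debian gets an account created here; the Alpine branch presumably
  # relies on the user shipped with the package — confirm if a custom
  # nginx_cfg.user is ever set on Alpine.
  when: (ansible_distribution is defined) and (ansible_distribution == 'Debian')

- name: edit init script
  lineinfile:
    path: /etc/init.d/nginx
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    backrefs: true
    insertafter: omit
  loop:
    # run-time directory ownership follows the configured user/group
    - regexp: '^(\s*)checkpath --directory --owner \w+:\w+(.*)$'
      line: '\g<1>checkpath --directory --owner {{ nginx_cfg.user }}:{{ nginx_cfg.group }}\g<2>'
    # point the service at the templated config location
    - regexp: '^(\s*)cfgfile=\$\{cfgfile:\-.+\}(.*)$'
      line: '\g<1>cfgfile=${cfgfile:-{{ nginx_cfg.conf_dir }}/nginx.conf}\g<2>'
    # NOTE(review): `-e /dev/null` discards the error log used before
    # nginx.conf is parsed, so a syntax error in a freshly templated config
    # leaves no log trail on disk (OpenRC still reports the failed start).
    # Consider a real path if that matters for incident response.
    - regexp: '^(\s*)command_args=\"(.*)\"(\s*)$'
      line: '\g<1>command_args="-c $cfgfile -e /dev/null"\g<3>'
  notify: restart nginx
  when: (ansible_distribution is not defined) or (ansible_distribution == 'Alpine')

- name: create nginx directories
  file:
    path: "{{ item }}"
    state: directory
    # quoted so the YAML parser cannot reinterpret the octal literal
    mode: "0700"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  # NOTE(review): the config tree and tls/ (private keys) are owned by
  # nginx_cfg.user. If that is also the worker account selected by the
  # `user` directive in nginx.conf, a compromised worker can read the keys
  # and rewrite the config the master process reloads; root ownership with a
  # group-readable mode would confine that. Left unchanged because the
  # intended run-as model is not visible from this file.
  loop:
    - "{{ nginx_cfg.conf_dir }}"
    - "{{ nginx_cfg.conf_dir }}/custom"
    - "{{ nginx_cfg.conf_dir }}/tls"
  notify: restart nginx

- name: remove unused nginx files
  file:
    path: "{{ nginx_cfg.conf_dir }}/{{ item }}"
    state: absent
  # distribution-provided includes that this role does not use; only
  # nginx.conf plus custom/ and tls/ are expected to remain
  loop:
    - fastcgi_params
    - scgi_params
    - uwsgi_params
    - modules
    - http.d
  notify: restart nginx

- name: remove fastcgi.conf if cgi is not used
  file:
    path: "{{ nginx_cfg.conf_dir }}/fastcgi.conf"
    state: absent
  # fastcgi is "used" when enabled globally or by any server entry
  when: >-
    (nginx_cfg.fastcgi | d(false) == false)
    and ((nginx_cfg.servers | d([])
          | selectattr('fastcgi', 'defined')
          | selectattr('fastcgi', 'equalto', true)
          | list | length) == 0)
  notify: restart nginx

- name: template base nginx config
  template:
    src: nginx.j2
    dest: "{{ nginx_cfg.conf_dir }}/nginx.conf"
    force: true
    mode: "0600"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  notify: restart nginx

- name: template fastcgi config if requested
  template:
    src: fastcgi.j2
    dest: "{{ nginx_cfg.conf_dir }}/fastcgi.conf"
    force: true
    mode: "0600"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  # mirror image of the removal condition above
  when: >-
    (nginx_cfg.fastcgi | d(false) == true)
    or ((nginx_cfg.servers | d([])
         | selectattr('fastcgi', 'defined')
         | selectattr('fastcgi', 'equalto', true)
         | list | length) > 0)
  notify: restart nginx

- name: template server configs
  template:
    # the template and output file share the name given by `conf`, falling
    # back to the server's `name`
    src: "{{ item.conf | d(item.name) }}.j2"
    dest: "{{ nginx_cfg.conf_dir }}/custom/{{ item.conf | d(item.name) }}.conf"
    force: true
    mode: "0600"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  loop: "{{ nginx_cfg.servers | d([]) }}"
  # An explicit `conf: null` opts a server out of templating. Entries that
  # set `name` but no `conf` are templated under their name; the previous
  # `not (item.conf == None)` raised an undefined-variable error for them.
  when: >-
    (item.conf is defined and item.conf is not none)
    or (item.conf is not defined and item.name is defined)
  notify: restart nginx

- name: template default http config
  template:
    src: "{{ nginx_cfg.default_http_config }}.j2"
    dest: "{{ nginx_cfg.conf_dir }}/custom/{{ nginx_cfg.default_http_config }}.conf"
    force: true
    mode: "0600"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  when: nginx_cfg.default_http_config is defined
  notify: restart nginx

- name: template extra configs
  template:
    src: "{{ item }}.j2"
    dest: "{{ nginx_cfg.conf_dir }}/custom/{{ item }}.conf"
    force: true
    mode: "0600"
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  loop: "{{ nginx_cfg.extra_configs | d([]) }}"
  notify: restart nginx

- block:
    - name: deploy certs
      include_role:
        name: certs
      vars:
        common:
          owner: "{{ nginx_cfg.user }}"
          group: "{{ nginx_cfg.group }}"
          post_hook: service nginx restart
          notify: restart nginx
          # `must_staple` wins over `enable_stapling`; both unset means off.
          # NOTE(review): must-staple is a certificate extension while
          # stapling is a server feature — confirm the certs role treats
          # the two interchangeably.
          stapling: "{{ nginx_cfg.must_staple | d(nginx_cfg.enable_stapling) | d(false) }}"
          hosts: "{{ nginx_cfg.domains | d(None) }}"
          acme_server: "{{ nginx_cfg.acme_server | d(None) }}"
        certs:
          - id: "{{ host_name ~ '-nginx-ecc' }}"
            cert: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_ecc_name }}.crt"
            key: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_ecc_name }}.key"
            ecc: true
          - id: "{{ host_name ~ '-nginx-rsa' }}"
            cert: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_rsa_name }}.crt"
            key: "{{ nginx_cfg.conf_dir }}/tls/{{ nginx_cfg.cert_rsa_name }}.key"
  when: nginx_cfg.certs | d(false) == true

- name: change ownership of nginx temp directory
  file:
    path: /var/lib/nginx
    state: directory
    recurse: true
    owner: "{{ nginx_cfg.user }}"
    group: "{{ nginx_cfg.group }}"
  # reported as unchanged so the recursive chown sweep never shows up as a
  # change on every run (presumably the intent; it also hides real drift)
  changed_when: false

# apply pending `restart nginx` notifications before ensuring the service is up
- name: flush handlers
  meta: flush_handlers

- name: enable and start nginx
  service:
    name: nginx
    enabled: true
    state: started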