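---
# Tasks that install and configure nginx: base service setup, optional
# php-fpm, proxy/custom/generated site configurations, and optional
# Let's Encrypt certificate provisioning.
#
# Several variables (config_name, config_names, parent_role_path,
# nginx_sites[].server.file_name) are interpolated directly into paths
# under /etc/nginx and into template source paths. Nothing in this file
# validates them, so they should only come from trusted inventory and
# should be plain file names without path separators.

# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks; confirm the minimum supported
# version before switching.
- include: service.yaml
  # static: yes  # see static include issue: https://github.com/ansible/ansible/issues/13485
  vars:
    service_name: nginx
    service_packages:
      - nginx

- name: install letsencrypt dependencies
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
    cache_valid_time: 3600
  with_items: "{{ letsencrypt_requirements }}"
  when: letsencrypt|bool

- name: provision directories for site specific configurations
  file:
    path: "/etc/nginx/{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string, never as a
    # decimal integer.
    mode: "0755"
  with_items:
    - "sites-available"
    - "sites-enabled"

# The challenge directory is root-owned and world-readable: only the
# provisioning run should be able to write token files into it.
- name: provision letsencrypt challenge folder
  file:
    path: "{{ letsencrypt_challenge_webroot }}/.well-known/acme-challenge"
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: letsencrypt|bool

- name: upload nginx configuration
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf

- name: disable nginx default configuration
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: restart nginx

- name: install php-fpm
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
    cache_valid_time: 3600
  with_items:
    - php-fpm
  when: php | bool
  notify:
    - restart nginx

- name: upload nginx proxy configuration
  template:
    src: proxy_nginx.j2
    dest: "/etc/nginx/sites-available/{{ config_name }}"
  when: is_proxy | bool
  notify:
    - enable nginx configuration
    - restart nginx

# NOTE(review): `item|bool` is false for an ordinary name string, so this
# task and the next one appear to run only for boolean-like items. Confirm
# the intended guard; a silently skipped site configuration is easy to miss.
- name: add nginx configuration custom templates
  template:
    src: "roles/{{ parent_role_path }}/templates/{{ item }}.conf.nginx.j2"
    dest: "/etc/nginx/sites-available/{{ item }}.conf"
  with_items: "{{ config_names }}"
  when: config_names is defined and item|bool

- name: enable nginx configuration custom templates
  file:
    src: "/etc/nginx/sites-available/{{ item }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ item }}.conf"
    state: link
  with_items: "{{ config_names }}"
  when: config_names is defined and item|bool
  notify: restart nginx

# The per-item results are registered so the next task can tell which
# generated configurations changed in this run.
- name: generate nginx configurations from standard template
  template:
    src: site.j2
    dest: "/etc/nginx/sites-available/{{ item.server.file_name }}"
  with_items: "{{ nginx_sites }}"
  when: nginx_sites is defined and nginx_sites
  register: nginx_gen_conf
  notify: restart nginx

# Removes the sites-enabled entry for changed Let's Encrypt sites before the
# restart below; presumably so nginx is not started against a certificate
# that has not been issued yet.
# NOTE(review): `item | changed` uses a test as a filter, which newer Ansible
# releases reject; `item is changed` is the replacement if the minimum
# supported version allows it.
- name: disable ssl configurations with pending cert issuing
  file:
    path: "/etc/nginx/sites-enabled/{{ item.item.server.file_name }}"
    state: absent
  with_items: "{{ nginx_gen_conf.results }}"
  when:
    - item | changed
    - item.item.letsencrypt is defined

- name: enable nginx configurations used for letsencrypt challenge
  file:
    path: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
    state: link
    src: "/etc/nginx/sites-available/{{ item.server.file_name }}"
  with_items: "{{ nginx_sites }}"
  when: >-
    letsencrypt|bool and item.use_for_challenge is defined and
    item.use_for_challenge|bool and nginx_sites is defined and nginx_sites

- name: restart nginx to start enabled configurations used for letsencrypt
  service:
    name: nginx
    state: restarted
  when: letsencrypt|bool

# NOTE(review): no owner or mode is set for the ACME account key. Confirm
# that the file this module creates is readable by its owner only, and that
# the parent directory is not writable by other users.
- name: provision letsencrypt account private key
  openssl_privatekey:
    path: "{{ letsencrypt_account_key }}"
  when: letsencrypt|bool

- name: provision ssl cert/key(s) with letsencrypt
  include: letsencrypt.yaml
  with_items: "{{ nginx_sites }}"
  when: >-
    letsencrypt|bool and item.letsencrypt is defined and
    nginx_sites is defined and nginx_sites

- name: enable nginx configuration generated from standard template
  file:
    path: "/etc/nginx/sites-enabled/{{ item.server.file_name }}"
    state: link
    src: "/etc/nginx/sites-available/{{ item.server.file_name }}"
  with_items: "{{ nginx_sites }}"
  when: nginx_sites is defined and nginx_sites
  notify: restart nginx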