---
# Install and configure nginx: packages, DH parameters, rendered config files,
# the letsencrypt directory, then the ACME and vhost task files.

# `state: present` only ensures the package is installed; it does not upgrade
# an nginx that is already there, so security updates need their own process.
- name: Install nginx package
  ansible.builtin.package:
    name: nginx-full
    state: present
    update_cache: true

# One package per entry of nginx_extra_mods (defined outside this file); each
# entry is appended to the "libnginx-mod-http-" prefix.
- name: Install nginx extra mods
  ansible.builtin.package:
    name: 'libnginx-mod-http-{{ item }}'
    state: present
    update_cache: true
  loop: '{{ nginx_extra_mods }}'

# Generates 2048-bit Diffie-Hellman parameters once. `creates` skips the
# command whenever the file exists, so an existing file of any size or content
# is never regenerated or checked. DH parameters are public values, not key
# material. NOTE(review): which template references this file is not visible
# here - confirm it is actually used by the TLS configuration.
- name: Create dhparam
  ansible.builtin.command:
    cmd: /usr/bin/openssl dhparam -out /etc/nginx/dhparam.pem 2048
    creates: /etc/nginx/dhparam.pem

# Renders each template to its destination with mode 0644 (world-readable),
# so the templates must not carry secrets. Owner and group are not set here
# and fall back to the module defaults. No `validate` step is used: a broken
# configuration is only noticed when the "Restart nginx" handler (defined
# outside this file) runs.
- name: Put nginx configuration files
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0o644'
  loop:
    - src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    - src: nginx.ssl.conf.j2
      dest: /etc/nginx/nginx.ssl.conf
    - src: nginx.other_headers.conf.j2
      dest: /etc/nginx/nginx.other_headers.conf
    - src: fastcgi_params.j2
      dest: /etc/nginx/fastcgi_params
    - src: proxy_params.j2
      dest: /etc/nginx/proxy_params
    - src: default.j2
      dest: /etc/nginx/sites-available/default
  notify:
    - Restart nginx

# Directory owned by root:www-data. The symbolic mode is relative (+/-): it
# grants u=rwx, adds group read and setgid, and removes all access for others,
# but it never clears bits that are already set (e.g. an existing g+w) and
# never adds group execute.
# NOTE(review): group traversal by www-data therefore depends on the bits the
# directory already has or receives at creation; an absolute `=` mode would
# make the result deterministic - confirm the intended permissions.
- name: Create letsencrypt dir
  ansible.builtin.file:
    path: '{{ nginx_letsencrypt_dir }}'
    state: directory
    owner: root
    group: www-data
    mode: 'u+rwx,g+rs,o-rwx'

# Runs the handlers notified so far (here "Restart nginx") immediately instead
# of at the end of the play; presumably so the included tasks below work
# against the freshly written configuration.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

# Includes acme.yml once per entry of web_hostname, exposing the entry as
# `host`. rejectattr(..., 'defined') drops every entry that has an
# `acme_unmanaged` key at all, whatever its value.
# NOTE(review): `acme_unmanaged: false` therefore also excludes a host from
# certificate management - confirm that is intended.
- name: Include acme auto cert
  ansible.builtin.include_tasks: acme.yml
  loop: "{{ web_hostname | rejectattr('acme_unmanaged', 'defined') }}"
  loop_control:
    loop_var: host

# Hands off to vhosts.yml (not visible here).
- name: Include vhosts
  ansible.builtin.include_tasks: vhosts.yml