---
- name: Remove nginx apt signing key from apt-key
  ansible.builtin.apt_key:
    id: "053473772654754373614404074646527257655730117366337542"
    state: absent
  tags:
    - packages
    - nginx

- name: Download nginx apt signing key
  ansible.builtin.get_url:
    url: https://nginx.org/keys/nginx_signing.key
    dest: /usr/share/keyrings/nginx_signing.key
    owner: root
    group: root
    mode: "0644"
    checksum: sha256:55385da31d198fa6a5012d40ae98ecb272a6c4e8fffffba94719ffd3e87de37a
  register: download_nginx_signing_key
  tags:
    - packages
    - nginx

- name: Add nginx.org repo
  ansible.builtin.template:
    src: nginx_org_sources.list.j2
    dest: /etc/apt/sources.list.d/nginx_org_sources.list
    owner: root
    group: root
    mode: "0644"
  register: add_nginx_apt_repository
  tags:
    - nginx
    - packages

- name: Update apt cache
  ansible.builtin.apt: # noqa no-handler
    update_cache: true
  when: (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or add_nginx_apt_repository is changed

- name: Install nginx
  ansible.builtin.apt:
    pkg: nginx
    cache_valid_time: 3600
    state: present
  tags:
    - nginx
    - packages

- name: Copy nginx.conf
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    mode: "0644"
    owner: root
    group: root
  notify:
    - reload nginx
  tags: nginx

- name: Copy extra nginx configs
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/nginx/{{ item }}
    mode: "0644"
    owner: root
    group: root
  loop:
    - extra-security.conf
    - fastcgi_cache
  notify:
    - reload nginx
  tags: nginx

- name: Remove default nginx vhost
  ansible.builtin.file:
    path: /etc/nginx/conf.d/default.conf
    state: absent
  tags: nginx

- name: Create fastcgi cache dir
  ansible.builtin.file:
    path: /var/cache/nginx/cached/fastcgi
    state: directory
    owner: nginx
    group: nginx
    mode: "0755"
  tags: nginx

- name: Configure nginx virtual hosts
  ansible.builtin.include_tasks: vhosts.yml
  when: nginx_vhosts is defined
  tags: nginx

- name: Configure WordPress
  ansible.builtin.include_tasks: wordpress.yml
  when: nginx_vhosts is defined
  tags: wordpress

- name: Configure blank nginx vhost
  ansible.builtin.template:
    src: blank-vhost.conf.j2
    dest: "{{ nginx_confd_path }}/blank-vhost.conf"
    mode: "0644"
    owner: root
    group: root
  notify:
    - reload nginx
  tags: nginx

- name: Configure munin vhost
  ansible.builtin.copy:
    src: munin.conf
    dest: /etc/nginx/conf.d/munin.conf
    mode: "0644"
    owner: root
    group: root
  notify:
    - reload nginx
  tags: nginx

- name: Start and enable nginx service
  ansible.builtin.systemd:
    name: nginx
    state: started
    enabled: true
  tags: nginx

- name: Configure Let's Encrypt
  ansible.builtin.include_tasks: letsencrypt.yml
  tags: letsencrypt

# vim: set ts=2 sw=2: