---
# There is no nginx.org build for Debian 9 (stretch) yet, so we will use the
# builds in Debian's own repositories for now. This creates a few problems
# in this playbook, and we need to remember to undo these workarounds when
# the Debian stretch builds become available.
#
# See: https://nginx.org/packages/mainline/debian/dists/

- name: Add nginx.org apt signing key
  when: ansible_distribution_major_version | version_compare('9', '!=')
  apt_key: id=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 url=https://nginx.org/keys/nginx_signing.key state=present
  tags: nginx, packages

- name: Add nginx.org repo
  when: ansible_distribution_major_version | version_compare('9', '!=')
  template: src=nginx_org_sources.list.j2 dest=/etc/apt/sources.list.d/nginx_org_sources.list owner=root group=root mode=0644
  tags: nginx, packages

- name: Install nginx
  apt: pkg=nginx update_cache=yes state=latest
  tags: nginx, packages

- name: Copy nginx.conf
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0644 owner=root group=root
  notify:
    - reload nginx
  tags: nginx

- name: Copy extra nginx configs
  copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root
  with_items:
    - extra-security.conf
    - fastcgi_cache
  notify:
    - reload nginx
  tags: nginx

- name: Remove default nginx vhost
  file: path=/etc/nginx/conf.d/default.conf state=absent
  tags: nginx

- name: Create fastcgi cache dir
  when: ansible_distribution_major_version | version_compare('9', '!=')
  file: path=/var/cache/nginx/cached/fastcgi state=directory owner=nginx group=nginx mode=0755
  tags: nginx

- name: Create fastcgi cache dir
  when: ansible_distribution_major_version | version_compare('9', '==')
  file: path=/var/cache/nginx/cached/fastcgi state=directory owner=www-data group=www-data mode=0755
  tags: nginx

- include: vhosts.yml
  when: nginx_vhosts is defined
  tags: nginx

- name: Configure blank nginx vhost
  template: src=blank-vhost.conf.j2 dest={{ nginx_confd_path }}/blank-vhost.conf  mode=0644 owner=root group=root
  notify:
    - reload nginx
  tags: nginx

- name: Configure munin vhost
  copy: src=munin.conf dest=/etc/nginx/conf.d/munin.conf mode=0644 owner=root group=root
  notify:
    - reload nginx
  tags: nginx

- name: Start and enable nginx service
  service: name=nginx state=started enabled=yes
  tags: nginx

# vim: set ts=2 sw=2: