- name: 'Install nginx package'
  apt:
    pkg:
      - 'nginx'
    state: 'present'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install logrotate configuration for nginx'
  template:
    src: 'logrotate/nginx.j2'
    dest: '/etc/logrotate.d/nginx'
    owner: 'root'
    group: 'root'
    mode: '0644'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install nginx default file configuration'
  template:
    src: 'nginx/default.j2'
    dest: '/etc/default/nginx'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Restart nginx'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install custom mime types for nginx'
  template:
    src: 'nginx/mime.types.custom.j2'
    dest: '/etc/nginx/mime.types.custom'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Restart nginx'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install nginx configuration'
  template:
    src: 'nginx/nginx.conf.j2'
    dest: '/etc/nginx/nginx.conf'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Restart nginx'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install additional nginx configuration params (conf.d/)'
  template:
    src: 'nginx/conf.d/{{ item }}.conf.j2'
    dest: '/etc/nginx/conf.d/{{ item }}.conf'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - 'status'
  notify:
    - 'Reload nginx'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install additional nginx configuration params (vhost_*)'
  template:
    src: 'nginx/vhost_{{ item }}.j2'
    dest: '/etc/nginx/vhost_{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items:
    - 'all'
    - 'expires'
    - 'cache-fd'
    - 'protect-files'
    - 'security'
  notify:
    - 'Reload nginx'
  tags:
    - 'web'
    - 'nginx'

- name: 'Install SSL vhost configuration for Nginx'
  template:
    src: 'nginx/vhost_ssl.j2'
    dest: '/etc/nginx/vhost_ssl-{{ item }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items: '{{ ssl_certs }}'
  notify:
    - 'Reload nginx'
  when: ssl_certs|length > 0
  tags:
    - 'web'
    - 'nginx'

- name: 'Install SSL vhost configuration for Nginx (Lets Encrypt certificates)'
  template:
    src: 'nginx/vhost_ssl_auto.j2'
    dest: '/etc/nginx/vhost_ssl_auto-{{ item.split(" ")[0] }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  with_items: '{{ ssl_certs_auto }}'
  notify:
    - 'Reload nginx'
  when: ssl_certs_auto|length > 0
  tags:
    - 'web'
    - 'nginx'

- name: 'Install Let Encrypt configuration for Nginx'
  template:
    src: 'nginx/letsencrypt.j2'
    dest: '/etc/nginx/letsencrypt'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload nginx'
  when: ssl_certs_auto|length > 0
  tags:
    - 'web'
    - 'nginx'

- name: 'Create basic authentication file for admin (Nginx)'
  template:
    src: 'nginx/auth_admin.j2'
    dest: '/etc/nginx/auth_admin'
    owner: 'root'
    group: 'www-data'
    mode: '0640'
  when: http_auth_admin_password is defined and http_auth_admin_password
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHPMyAdmin virtual host for nginx (sites-available)'
  template:
    src: 'nginx/pma_vhost.j2'
    dest: '/etc/nginx/sites-available/pma'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload nginx'
  when: with_phpmyadmin|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHPMyAdmin virtual host for nginx (sites-enabled)'
  file:
    src: '/etc/nginx/sites-available/pma'
    path: '/etc/nginx/sites-enabled/pma'
    state: 'link'
  notify:
    - 'Reload nginx'
  when: with_phpmyadmin|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHPPgAdmin virtual host for nginx (sites-available)'
  template:
    src: 'nginx/pga_vhost.j2'
    dest: '/etc/nginx/sites-available/pga'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload nginx'
  when: with_phppgadmin|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHPPgAdmin virtual host for nginx (sites-enabled)'
  file:
    src: '/etc/nginx/sites-available/pga'
    path: '/etc/nginx/sites-enabled/pga'
    state: 'link'
  notify:
    - 'Reload nginx'
  when: with_phppgadmin|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHP system checks virtual host for nginx (sites-available)'
  template:
    src: 'nginx/sys_vhost.j2'
    dest: '/etc/nginx/sites-available/sys'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload nginx'
  when: with_phpsyscheck and with_php|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install PHP system checks virtual host for nginx (sites-enabled)'
  file:
    src: '/etc/nginx/sites-available/sys'
    path: '/etc/nginx/sites-enabled/sys'
    state: 'link'
  notify:
    - 'Reload nginx'
  when: with_phpsyscheck and with_php|bool
  tags:
    - 'web'
    - 'nginx'

- name: 'Install Cloudflare configuration to set the real ip in logs'
  template:
    src: 'nginx/cloudflare.conf.j2'
    dest: '/etc/nginx/snippets/cloudflare.conf'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Reload nginx'
  when: with_cloudflare is defined and with_cloudflare
  tags:
    - 'web'
    - 'nginx'

- name: 'Ensure nginx is running'
  service:
    name: 'nginx'
    state: 'started'
  tags:
    - 'web'
    - 'nginx'

# vim: ft=yaml.ansible