---

- name: Install nginx base package
  ansible.builtin.apt:
    name: "{{ nginx_package }}"
    state: present
  when:
    - nginx_sites is defined

- name: Create sites-available / sites-enabled directories
  ansible.builtin.file:
    state: directory
    path: "{{ item.path }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0755') }}"
  with_items:
    - { path: "/etc/nginx/sites-available" }
    - { path: "/etc/nginx/sites-enabled" }
  notify: Reload nginx
  when:
    - nginx_sites is defined

- name: Template default nginx config files
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0644') }}"
    force: "{{ item.force | default('yes') }}"
    backup: true
  loop_control:
    label: "{{ item.dest }}"
  with_items:
    - { src: "etc-nginx.conf.j2",   dest: "/etc/nginx/nginx.conf", notify: "Reload nginx" }
    - { src: "tls_params.j2",       dest: "/etc/nginx/tls_params", notify: "Reload nginx" }
    - { src: "default.j2",          dest: "/etc/nginx/sites-available/default", notify: "Reload nginx" }
#    - { src: "dhparam.pem.j2", dest: "{{ nginx_dhparams_file }}", notify: "Reload nginx" }
#    - { src: "check_nginx.j2", dest: "{{ nagios_plugin_location }}/check_nginx", mode: '755' }
#    - { src: "nrpe-check_nginx.j2", dest: "/etc/nagios/nrpe.d/10-nginx.cfg", notify: "Restart nrpe" }
  notify: "{{ item.notify | default(omit) }}"
  when:
    - nginx_sites is defined

- name: Template site-specific configs
  ansible.builtin.template:
    src: "site.conf.j2"
    dest: "/etc/nginx/sites-available/{{ site.server_name }}.conf"
    owner: "{{ site.owner | default('root') }}"
    group: "{{ site.group | default('root') }}"
    mode:  "{{ site.mode  | default('0644') }}"
    force: "{{ site.force | default('yes') }}"
    backup: true
  loop: "{{ nginx_sites }}"
  loop_control:
    loop_var: site
    label: "{{ site.server_name }}"
  notify: Reload nginx
  when:
    - nginx_sites is defined
  tags:
    - nginxextra
    - nginx_site

- name: Enable nginx sites
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ site.server_name }}.conf"
    path: "/etc/nginx/sites-enabled/{{ site.server_name }}.conf"
    state: "{% if site.disabled | default(false) %}absent{% else %}link{% endif %}"
    mode: "0644"
  loop: "{{ nginx_sites }}"
  loop_control:
    loop_var: site
    label: "{{ site.server_name }}"
  notify: Reload nginx
  when:
    - nginx_sites is defined
  ignore_errors: "{{ ansible_check_mode }}"