---
- name: install nginx
  apt:
    name: "{{ nginx_pkg_variant }}"
    state: present

- name: remove nginx default config
  file:
    name: /etc/nginx/sites-enabled/default
    state: absent
  notify: restart nginx

- name: install nginx config snippets
  loop:
    - ssl
    - hsts
  copy:
    src: "{{ global_files_dir }}/common/nginx-snippets/{{ item }}.conf"
    dest: /etc/nginx/snippets/
  notify: restart nginx

- name: generate Diffie-Hellman parameters
  openssl_dhparam:
    path: /etc/ssl/dhparams.pem
    size: 2048
  notify: restart nginx

- name: install nginx configs from template
  loop: "{{ nginx_vhosts | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'template' in item.value"
  template:
    src: "{{ item.value.template }}.conf.j2"
    dest: "/etc/nginx/sites-available/{{ item.key }}"
  notify: restart nginx

- name: install nginx configs from config data
  loop: "{{ nginx_vhosts | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'content' in item.value"
  copy:
    content: "{{ item.value.content }}"
    dest: "/etc/nginx/sites-available/{{ item.key }}"
  notify: restart nginx

- name: enable vhost config
  loop: "{{ nginx_vhosts | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  file:
    src: "../sites-available/{{ item.key }}"
    dest: "/etc/nginx/sites-enabled/{{ item.key }}"
    state: link
  notify: restart nginx

- name: generate acme certificate
  loop: "{{ nginx_vhosts | dict2items }}"
  loop_control:
    label: "{{ item.key }} ({{ item.value.hostnames | default([]) | join(', ') }})"
  when: "'acme' in item.value  and  item.value.acme"
  include_tasks: acme.yml