---
- set_fact:
    nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
    inventory_certs: "{{ certificates.certs|d({}) }}"
    selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"

- include_role:
    name: certificates
  vars:
    certificates:
      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),  nginx_certs, inventory_certs, recursive=True) }}"

- debug:
    verbosity: 1
    var: nginx

- name: install nginx
  apt: pkg=nginx
  notify:
  - delete nginx index.nginx-debian.html
  - restart nginx

- name: copy configs
  copy:
    src: config/
    dest: /etc/nginx/
    directory_mode: 0755
    group: root
    owner: root
    mode: 0644
  notify:
  - restart nginx

- name: execute ssl template
  template:
    src: ssl_files.conf.j2
    dest: /etc/nginx/conf.d/ssl_files.conf
  notify:
  - restart nginx

- name: execute dns template
  template:
    src: dns.conf.j2
    dest: /etc/nginx/conf.d/dns.conf
  notify:
  - restart nginx

- name: execute upstream template
  template:
    src: upstreams.conf.j2
    dest: /etc/nginx/conf.d/upstreams.conf
  notify:
  - restart nginx

- name: execute proxy template
  template:
    src: proxy.conf.j2
    dest: /etc/nginx/conf.d/proxy.conf
  notify:
  - restart nginx

- name: execute maps template
  template:
    src: maps.conf.j2
    dest: /etc/nginx/conf.d/maps.conf
  notify:
  - restart nginx

- name: create nginx vhosts
  template:
    src: vhost.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}"
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}),  nginx.vhosts, recursive=True) }}"
  notify:
  - restart nginx

- name: enable nginx vhosts
  file:
    src: "/etc/nginx/sites-available/{{ item.key }}"
    path:  "/etc/nginx/sites-enabled/{{ item.key }}"
    state: link
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}),  nginx.vhosts, recursive=True) }}"
  notify:
  - restart nginx

- name: delete nginx default config
  file: path=/etc/nginx/sites-enabled/default state=absent

- name: copy monitoring config
  copy:
    src: monitoring.cfg
    dest: /etc/check_mk/nginx_status.cfg
    owner: root
    group: root
    mode: 0644
  when: nginx.monitoring

- name: copy nginx status config
  copy:
    src: monitoring
    dest: /etc/nginx/sites-available/nginx-status
    mode: 0755
  notify:
  - restart nginx

- name: activate nginx status config
  file:
    path: /etc/nginx/sites-enabled/nginx-status
    src: /etc/nginx/sites-available/nginx-status
    state: link
  notify:
  - restart nginx

- include_tasks: php-fpm.yml
  when: nginx.php