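---
# Installs nginx, obtains certificates for the configured vhosts, and renders
# the global, vhost and stream configuration. The handlers
# ('restart nginx', 'delete nginx index.nginx-debian.html'), the templates and
# the variables `nginx`, `certificates` and `nginx_forcessl_vhost` are defined
# outside this file.
#
# NOTE(review): nothing here validates the rendered configuration. Confirm
# that the 'restart nginx' handler (not shown) runs a config test before
# restarting, so a broken template cannot take the server down.

- name: store nginx vars
  set_fact:
    # nginx_vhosts_to_certificates is not defined in this file (presumably a
    # project filter plugin) -- it derives certificate entries from the vhosts.
    nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
    # Only inventory certificates whose key starts with "nginx_" are kept.
    inventory_certs: >-
      {{ certificates.certs|d({}) | dict2items
      | selectattr ('key', 'regex', '^nginx_') | items2dict }}
    # Stored as a YAML-formatted string and parsed with from_yaml in the next
    # task. This relies on inventory_hostname containing no quote characters.
    selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"

- name: generate certificates for vhosts
  include_role:
    name: certificates
  vars:
    certificates:
      # Later arguments to combine() win, so inventory-defined certificates
      # override the vhost-derived ones, which override the self-signed
      # default (only present when nginx.snakeoil_default is set).
      certs: >-
        {{ {}|combine(
        (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}),
        nginx_certs, inventory_certs, recursive=True) }}

# Printed only when the play runs with -v or higher.
# NOTE(review): this dumps the whole `nginx` dict. If it can contain
# credentials or key material, they end up in run logs -- confirm.
- name: debug nginx dict
  debug:
    verbosity: 1
    var: nginx

- name: install nginx
  apt:
    pkg:
      - nginx
      - libnginx-mod-http-headers-more-filter
      - libnginx-mod-stream
      - libnginx-mod-http-geoip
      - goaccess
      - geoip-database
      - geoip-database-extra
    state: present
  notify:
    - delete nginx index.nginx-debian.html
    - restart nginx

# File modes are quoted so they are always read as octal strings, whatever
# YAML parser or version handles this file.
- name: copy configs
  copy:
    src: config/
    dest: /etc/nginx/
    directory_mode: "0755"
    group: root
    owner: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute ssl template
  template:
    src: ssl_files.conf.j2
    dest: /etc/nginx/conf.d/ssl_files.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute templates
  template:
    src: "{{ item }}.j2"
    dest: "/etc/nginx/conf.d/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - dns.conf
    - upstreams.conf
    - proxy.conf
    - maps.conf
  notify:
    - restart nginx

# When nginx.force_ssl is set, nginx_forcessl_vhost is merged in first and
# entries from nginx.vhosts override it.
- name: create nginx vhosts
  template:
    src: vhost.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}"
    owner: root
    group: root
    mode: "0644"
  with_dict: >-
    {{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}),
    nginx.vhosts, recursive=True) }}
  notify:
    - restart nginx

# Must iterate over the same dict as 'create nginx vhosts' so every rendered
# vhost gets its sites-enabled symlink.
- name: enable nginx vhosts
  file:
    src: "/etc/nginx/sites-available/{{ item.key }}"
    path: "/etc/nginx/sites-enabled/{{ item.key }}"
    state: link
  with_dict: >-
    {{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}),
    nginx.vhosts, recursive=True) }}
  notify:
    - restart nginx

- name: create and enable nginx streams
  template:
    src: stream.conf.j2
    dest: "/etc/nginx/streams/{{ item.key }}"
    owner: root
    group: root
    mode: "0644"
  with_dict: "{{ {}|combine(nginx.streams, recursive=True) }}"
  notify:
    - restart nginx

# Native YAML arguments instead of the key=value shorthand. The notify was
# added so the packaged default site stops being served as soon as it is
# removed, not only after some other task happens to trigger a restart.
- name: delete nginx default config
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify:
    - restart nginx

# owner/group are set explicitly, matching the other config files in this
# role.
# NOTE(review): the 'monitoring' source file is not visible here. Confirm the
# status endpoint it defines is restricted (allow/deny or a loopback-only
# listen) to the hosts that need it.
- name: copy nginx status config
  copy:
    src: monitoring
    dest: /etc/nginx/sites-available/nginx-status
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: activate nginx status config
  file:
    path: /etc/nginx/sites-enabled/nginx-status
    src: /etc/nginx/sites-available/nginx-status
    state: link
  notify:
    - restart nginx

- name: include php-fpm tasks
  include_tasks: php-fpm.yml
  when: nginx.php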