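---
# nginx install/config tasks. The "Restart nginx" handler and the files and
# templates referenced below (ssl.conf, nginx.conf.j2, nginx-proxy.conf.j2,
# nginx-site.conf.j2) are defined elsewhere in the role.

# Only Archlinux gets the package installed here; on any other os_family the
# tasks below run against an nginx that is assumed to be present already.
- name: Install nginx package (Archlinux)
  community.general.pacman:
    name:
      - nginx
    state: present
    update_cache: true
  when: ansible_facts['os_family'] == "Archlinux"

# Config directories are root:root and must not be group-writable: anything
# able to write here can inject nginx configuration. Tightened from "0775"
# to "0755" (no non-root writer is expected in group root).
- name: Create config dirs
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  loop:
    - /etc/nginx/sites-available
    - /etc/nginx/sites-enabled
    - /etc/nginx/conf.d
    - /etc/nginx/ssl

- name: Copy the ssl configuration
  ansible.builtin.copy:
    src: ssl.conf
    dest: /etc/nginx/ssl/ssl.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

# `creates` keeps this idempotent: parameters are generated once and reused.
# `-dsaparam` yields DH parameters that are not safe primes, which is much
# faster than the default at 4096 bits; OpenSSL documents this as acceptable
# only when a fresh DH key is used per connection (the default in current
# OpenSSL). Drop `-dsaparam` if safe-prime parameters are required, and note
# these parameters only affect DHE suites, not ECDHE/TLS 1.3.
- name: Generate dhparams
  ansible.builtin.command:
    argv:
      - openssl
      - dhparam
      - -dsaparam
      - -outform
      - PEM
      - -out
      - /etc/nginx/ssl/dhparams.pem
      - 4096
    creates: /etc/nginx/ssl/dhparams.pem
  notify: Restart nginx

# - name: Generate dhparams (alternative)
#   community.crypto.openssl_dhparam:
#     group: root
#     mode: "0644"
#     owner: root
#     path: /etc/nginx/ssl/dhparams.pem
#     size: 4096
#     state: present

# openssl writes the file with umask-derived permissions; normalise them.
# DH parameters are public, so world-readable is fine.
- name: Set permissions on dhparams
  ansible.builtin.file:
    path: /etc/nginx/ssl/dhparams.pem
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

- name: Template out nginx base config
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

# Each nginx_sites entry is expected to carry `name` and `type`; only the
# types "proxy" and "site" are rendered.
- name: Template out nginx reverse proxy configs
  ansible.builtin.template:
    src: nginx-proxy.conf.j2
    dest: /etc/nginx/sites-available/{{ item.name }}.conf
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx_sites }}"
  when: item.type == "proxy"
  notify: Restart nginx

- name: Template out nginx site configs
  ansible.builtin.template:
    src: nginx-site.conf.j2
    dest: /etc/nginx/sites-available/{{ item.name }}.conf
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx_sites }}"
  when: item.type == "site"
  notify: Restart nginx

# Links every entry of nginx_sites. An entry whose type is neither "proxy"
# nor "site" has no rendered file in sites-available, so expect this task to
# fail on it rather than create a dangling link (no `force` is set).
- name: Enable site configs
  ansible.builtin.file:
    path: /etc/nginx/sites-enabled/{{ item.name }}.conf
    src: /etc/nginx/sites-available/{{ item.name }}.conf
    state: link
  loop: "{{ nginx_sites }}"
  notify: Restart nginx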
# Certificates are requested for every site name in nginx_sites; the
# certbot_notify variable presumably lets that role trigger the same
# "Restart nginx" handler so renewed certificates are picked up.
- name: Run certbot role to install certificates
  ansible.builtin.include_role:
    name: certbot
  vars:
    certbot_notify: "Restart nginx"
    certbot_domains: "{{ nginx_sites | map(attribute='name') }}"

# nginx is started only after the configuration above and the certbot role
# have run, and enabled so it survives reboots.
- name: Start and enable nginx
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started