---
- name: Install NGINX
  apt:
    update_cache: true
    name: nginx
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Copy proxypass snippets
  template:
    src: "nginx/snippets/options-proxypass.conf.j2"
    dest: "/etc/nginx/snippets/options-proxypass.conf"
    owner: root
    group: root
    mode: 0644

- name: Copy SSL snippets
  template:
    src: "nginx/snippets/options-ssl.conf.j2"
    dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
    owner: root
    group: root
    mode: 0644
  loop: "{{ nginx.ssl }}"

- name: Disable default site
  file:
    dest: "/etc/nginx/sites-enabled/default"
    state: absent

- name: Add 'extended' log format
  template:
    src: nginx/conf.d/extended_log.conf.j2
    dest: /etc/nginx/conf.d/extended_log.conf
    owner: root
    group: root
    mode: 0644
  notify: Reload nginx

- name: Add syslog snippet
  template:
    src: nginx/snippets/syslog.conf.j2
    dest: /etc/nginx/snippets/syslog.conf
    owner: root
    group: root
    mode: 0644
  notify: Reload nginx

- name: Copy reverse proxy sites
  when: reverseproxy is defined
  template:
    src: "nginx/sites-available/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
    owner: root
    group: root
    mode: 0644
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
    - redirect
  notify: Reload nginx

- name: Activate reverse proxy sites
  when: reverseproxy is defined
  file:
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    owner: root
    group: root
    state: link
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
    - redirect
  notify: Reload nginx
  ignore_errors: "{{ ansible_check_mode }}"

- name: Copy forward modules
  when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
  template:
    src: "nginx/modules-available/60-forward.conf.j2"
    dest: "/etc/nginx/modules-available/60-forward.conf"
    mode: 0644
  notify: Reload nginx

- name: Activate modules
  when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
  file:
    src: "/etc/nginx/modules-available/60-forward.conf"
    dest: "/etc/nginx/modules-enabled/60-forward.conf"
    state: link
    mode: 0644
  notify: Reload nginx
  ignore_errors: "{{ ansible_check_mode }}"

- name: Copy service nginx configuration
  when: nginx.servers is defined and nginx.servers|length > 0
  template:
    src: "nginx/sites-available/service.j2"
    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    owner: root
    group: root
    mode: 0644
  notify: Reload nginx

- name: Activate local nginx service site
  when: nginx.servers is defined and nginx.servers|length > 0
  file:
    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
    owner: root
    group: root
    state: link
  notify: Reload nginx
  ignore_errors: "{{ ansible_check_mode }}"

- name: Copy 50x error page
  template:
    src: www/html/50x.html.j2
    dest: /var/www/html/50x.html
    owner: www-data
    group: www-data
    mode: 0644

- name: Copy robots.txt file
  when: nginx.deploy_robots_file
  template:
    src: www/html/robots.txt.j2
    dest: /var/www/html/robots.txt
    owner: www-data
    group: www-data
    mode: 0644

- name: Install passwords
  when: nginx.auth_passwd|length > 0
  template:
    src: nginx/passwd.j2
    dest: /etc/nginx/passwd
    mode: 0644

- name: Copy 401 error page
  when: nginx.auth_passwd|length > 0
  template:
    src: www/html/401.html.j2
    dest: /var/www/html/401.html
    owner: www-data
    group: www-data
    mode: 0644

- name: Clean old files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/etc/nginx/snippets/options-ssl.conf"
    - "/var/www/custom_401.html"
    - "/var/www/robots.txt"
...