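---
# Tasks that install nginx, provision Diffie-Hellman parameters for TLS,
# deploy the shared configuration snippets and replace the distribution's
# default site with a managed file.
#
# Variables read here:
#   dhparams  (optional) source path of a pre-generated DH parameters file
#             for the copy module. When it is not defined, the parameters
#             are generated on the target host instead.

- name: Install nginx
  # The package name is passed directly; a with_items loop over a single
  # package added nothing.
  apt:
    name: nginx
    state: present

# DH parameters are public values, not key material, so a world-readable
# file (0644) is appropriate here.
- name: Upload new DH params file
  copy:
    src: "{{ dhparams }}"
    dest: /etc/ssl/dh4096.pem
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx
  when: dhparams is defined

- name: Generate dhparams
  # Generating 4096-bit parameters can take a long time on the target.
  # `creates` makes the task idempotent, which also means an existing
  # /etc/ssl/dh4096.pem is never regenerated or checked for strength here.
  command: openssl dhparam -out /etc/ssl/dh4096.pem 4096
  args:
    creates: /etc/ssl/dh4096.pem
  notify:
    - restart nginx
  when: dhparams is not defined

- name: Fix dhparams privileges
  # Normalises ownership and mode whichever of the two tasks above
  # produced the file.
  file:
    path: /etc/ssl/dh4096.pem
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: Ensure about snippets directory
  file:
    path: /etc/nginx/snippets
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Deploy snippets
  # Each snippet is rendered from snippets/<name>.j2 in the role's templates.
  template:
    src: "snippets/{{ item }}.j2"
    dest: "/etc/nginx/snippets/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - common.conf
    - ssl-common.conf
    - ssl-medium-common.conf
  notify:
    - restart nginx

- name: Check nginx default page
  stat:
    path: /etc/nginx/sites-enabled/default
  register: stat_default

- name: Delete nginx default page
  # Only a symlink is removed, so that the next task creates a regular file
  # in its place. When the path does not exist, stat reports no `islnk`
  # attribute at all; default(false) skips the task in that case instead of
  # failing on an undefined variable.
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify:
    - restart nginx
  when: stat_default.stat.islnk | default(false)

- name: Deploy temporary default page (with our snippets etc)
  copy:
    src: default
    # Do not deploy it as a symlink.
    # This method keeps the default config available, provides the necessary
    # definitions (.well-known), and the particular server usually deletes
    # /etc/nginx/sites-enabled/default.
    dest: /etc/nginx/sites-enabled/default
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

# Run the notified handlers (restart nginx) now rather than at the end of
# the play, so the new configuration is live before anything that follows.
- meta: flush_handlers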