---
# Prepares /etc/nginx on the target host: directory layout, DH parameters,
# the main nginx.conf (templated default or caller-supplied content) and the
# process limits file. Every task escalates with `become`.

# All directories share one owner/group/mode.
# NOTE(review): ssl/keys gets the same 0750 as the rest, so members of
# nginx_service_group can traverse and list it. It presumably holds private
# keys; confirm that group access is intended.
- name: setup configuration directories
  become: true
  ansible.builtin.file:
    state: directory
    path: '/etc/nginx/{{ item }}'
    owner: '{{ nginx_service_user }}'
    group: '{{ nginx_service_group }}'
    mode: '0750'
  loop:
    - conf.d
    - ssl
    - ssl/certificates
    - ssl/keys
    - sites-available
    - sites-enabled
    - streams-available
    - streams-enabled

- name: remove default unneeded files
  become: true
  ansible.builtin.file:
    state: absent
    path: /etc/nginx/conf.d/default.conf

# `creates` skips the command once the file exists. It checks existence only,
# so an older file of a different size or a damaged one is kept as is.
# Owner and mode of dhparams.pem are not managed here; they are whatever
# openssl and the umask of the escalated process produce.
# Generating 4096-bit parameters can take a long time on the first run.
- name: generate dhparams.pem file
  become: true
  ansible.builtin.command:
    creates: /etc/nginx/ssl/dhparams.pem
    cmd: /usr/bin/openssl dhparam -out /etc/nginx/ssl/dhparams.pem 4096
  notify:
    - 'nginx : restart nginx service'

# Exactly one branch runs, selected by the truthiness of nginx_custom_config.
# `become` and `notify` sit on the block, so they apply to both branches.
# Neither branch validates the file before it replaces the live nginx.conf,
# and nginx_custom_config is written verbatim.
# NOTE(review): whether the restart handler tests the configuration first is
# not visible here; confirm, or validate before installing the file.
- name: setup nginx.conf
  become: true
  notify:
    - 'nginx : restart nginx service'
  block:
    - name: use default configuration
      when: nginx_custom_config is falsy
      ansible.builtin.template:
        src: ../templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: '{{ nginx_service_user }}'
        group: '{{ nginx_service_group }}'
        mode: '0640'

    - name: use custom configuration
      when: nginx_custom_config is truthy
      ansible.builtin.copy:
        content: '{{ nginx_custom_config }}'
        dest: /etc/nginx/nginx.conf
        owner: '{{ nginx_service_user }}'
        group: '{{ nginx_service_group }}'
        mode: '0640'

# The limits file is root-owned and readable by root only.
# NOTE(review): files under /etc/security/limits.d are read by pam_limits.
# Whether they reach the nginx process depends on how the service is started;
# confirm the limits actually take effect on the target hosts.
- name: set process limits
  become: true
  ansible.builtin.template:
    src: ../templates/nginx_limits.conf.j2
    dest: /etc/security/limits.d/nginx.conf
    owner: root
    group: root
    mode: '0600'
  notify:
    - 'nginx : restart nginx service'