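---
# Tasks that install and configure nginx on RedHat-family and OpenBSD hosts:
# package install, SELinux labelling of the web root, base config, log
# directory permissions and rotation, an sftp account for log collection,
# and service enablement.
#
# File modes are written as quoted strings so the YAML parser cannot retype
# them; the resulting permissions are unchanged.

- name: include os-specific variables
  include_vars: "{{ ansible_os_family }}.yml"

- name: enable nginx:1.20 module
  command:
    argv:
      - dnf
      - module
      - '-y'
      - enable
      - 'nginx:1.20'
    # Idempotency guard only: the task is skipped whenever this file exists,
    # whichever stream it records. It does not verify that 1.20 is the
    # enabled stream.
    creates: /etc/dnf/modules.d/nginx.module
    # NOTE(review): the command module's `warn` option was removed in
    # ansible-core 2.14, where this task fails with an unsupported-parameter
    # error. Kept for the Ansible version this role targets - confirm.
    warn: false
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution != "Fedora"
    - ansible_distribution_major_version | int >= 8

- name: install packages
  package:
    name: nginx
    # `present` is the canonical spelling of the `installed` alias.
    state: present

# Registers the SELinux file-context rule for the web root. The directories
# are created by the next task with `setype: _default`, which asks for the
# policy default type for each path.
- name: fix selinux contexts from data directory
  sefcontext:
    path: '/srv/web(/.*)?'
    setype: httpd_sys_content_t
  when: ansible_selinux_python_present

- name: create nginx data and config directories
  file:
    state: directory
    path: "{{ item }}"
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    seuser: _default
    setype: _default
  with_items:
    - /srv/web
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/nginx/conf.d/{{ inventory_hostname }}"

- name: create nginx base config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart nginx

# The log directory is also passed as `chroot` to the sftpuser role below.
# NOTE(review): if that role uses sshd's ChrootDirectory, every path
# component must be root-owned and not writable by group or others, which
# root / 0755 satisfies - confirm against the role.
- name: fix logdir permissions
  file:
    path: "{{ nginx_logdir }}"
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# OpenBSD: remove the stock newsyslog entries for the nginx logs so that
# only the custom rotation script installed below handles them.
- name: disable system log rotate
  lineinfile:
    path: /etc/newsyslog.conf
    state: absent
    regexp: '^/var/www/logs/{{ item }}\s+.*'
  with_items:
    - access.log
    - error.log
  when: ansible_os_family == "OpenBSD"

# The script is run from cron by the task below; root ownership with no
# group/other write bit keeps other accounts from changing what it runs.
- name: install custom logrotate
  template:
    dest: /usr/local/sbin/nginx-logrotate
    src: nginx-logrotate.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
  when: ansible_os_family == "OpenBSD"

- name: add logrotate cron job
  cron:
    name: nginx-logrotate
    hour: "0"
    minute: "0"
    job: /usr/local/sbin/nginx-logrotate
  when: ansible_os_family == "OpenBSD"

- name: set logdir permissions
  file:
    path: /var/log/nginx
    mode: "0755"
    owner: root
    group: root
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"

# NOTE(review): `create 0644` makes rotated logs world-readable, and the
# 0755 directory above lets any local account list them. Access logs can
# carry client addresses and request URLs; if only the logsync account
# needs them, a dedicated group with 0640 would be tighter - confirm the
# intent.
- name: set logfile permissions
  lineinfile:
    path: /etc/logrotate.d/nginx
    regexp: '^\s+create '
    line: " create 0644 nginx root"
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"

# Creates the `logsync` account, confined to the nginx log directory and
# authenticated with the supplied public keys (behaviour is defined by the
# sftpuser role, which is not part of this file).
- name: import sftpuser role
  import_role:
    name: sftpuser
  vars:
    chroot: "{{ nginx_logdir }}"
    user: logsync
    publickeys: "{{ logsync_publickeys }}"

# https://bugzilla.redhat.com/show_bug.cgi?id=1725248
- block:
    - name: create drop-in directory for service
      file:
        # `path` rather than its alias `dest`, matching the other file tasks.
        path: /etc/systemd/system/nginx.service.d
        state: directory
        mode: "0755"
        owner: root
        group: "{{ ansible_wheel }}"

    - name: configure service startup dependencies
      copy:
        dest: /etc/systemd/system/nginx.service.d/dependency.conf
        src: dependency.conf
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
  # Applies to both tasks in the block.
  when: ansible_os_family == "RedHat"

- name: enable nginx service
  service:
    name: nginx
    # NOTE(review): on OpenBSD's nginx package `-u` is understood to turn
    # off the default chroot of the daemon, which removes a containment
    # layer - confirm this is intended and record why. The flag is not
    # expected to have an effect through systemd on RedHat - verify.
    arguments: '-u'
    state: started
    enabled: true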