---
- name: Setup up repository pinning
  ansible.builtin.template:
    src: 99nginx.j2
    dest: /etc/apt/preferences.d/99nginx
    mode: "0644"
- name: Install nginx
  ansible.builtin.apt:
    update_cache: true
    name: nginx
    state: present
- name: Delete default.conf
  ansible.builtin.file:
    path: /etc/nginx/conf.d/default.conf
    state: absent
  when: nginx__configs
- name: Create nginx redirect.conf
  ansible.builtin.template:
    src: redirect.conf.j2
    dest: /etc/nginx/conf.d/redirect.conf
    mode: "0644"
  when: nginx__enable_https_redirect is defined and nginx__enable_https_redirect
- name: Create nginx tls.conf
  ansible.builtin.template:
    src: tls.conf.j2
    dest: /etc/nginx/conf.d/tls.conf
    mode: "0644"
- name: Download dhparam file
  ansible.builtin.get_url:
    url: https://ssl-config.mozilla.org/ffdhe2048.txt
    dest: /etc/nginx/dhparam.pem
    mode: "0644"
- name: Add user specified configs
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: /etc/nginx/conf.d/{{ item.name }}.conf
    mode: "0644"
  loop: "{{ nginx__configs }}"
  notify: Reload nginx
- name: Enable and start systemd service
  ansible.builtin.systemd:
    name: nginx.service
    daemon_reload: true
    enabled: true
    state: started