ansible-infra/roles/nginx/tasks/main/config_deploy.yaml

- name: check, if a save of a previous `nginx.conf` is present
  ansible.builtin.stat:
    path: /etc/nginx/nginx.conf.ansiblesave
  register: nginx__nginx_conf_ansiblesave_stat_result

- name: handle the case, where a custom `nginx.conf` is to be used
  when: nginx__use_custom_nginx_conf
  block:
    - name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
      when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf.ansiblesave
        mode: "0644"
        owner: root
        group: root
        remote_src: true
        src: /etc/nginx/nginx.conf
      become: true

    - name: deploy the custom `nginx.conf`
      ansible.builtin.copy:
        content: "{{ nginx__custom_nginx_conf }}"
        dest: "/etc/nginx/nginx.conf"
        mode: "0644"
        owner: root
        group: root
      become: true
      notify: Restart `nginx.service`

- name: handle the case, where no custom `nginx.conf` is to be used
  when: not nginx__use_custom_nginx_conf
  block:
    - name: when a `nginx.conf.ansiblesave` is present, copy it to `nginx.conf`
      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/nginx.conf
        mode: "0644"
        owner: root
        group: root
        remote_src: true
        src: /etc/nginx/nginx.conf.ansiblesave
      become: true
      notify: Restart `nginx.service`

    - name: delete the `nginx.conf.ansiblesave`, if it is present
      when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists
      ansible.builtin.file:
        path: /etc/nginx/nginx.conf.ansiblesave
        state: absent
      become: true

- name: make sure mozilla dhparam is deployed
  ansible.builtin.get_url:
    force: true
    dest: /etc/nginx-mozilla-dhparam
    mode: "0644"
    url: https://ssl-config.mozilla.org/ffdhe2048.txt
  become: true
  notify: Restart `nginx.service`

- name: set `nginx__config_files_to_exist` fact initially to an empty list
  ansible.builtin.set_fact:
    nginx__config_files_to_exist: [ ]

- name: handle the case, where tls.conf should be deployed
  when: nginx__deploy_tls_conf
  block:
    - name: make sure tls.conf is deployed
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/tls.conf
        mode: "0644"
        owner: root
        group: root
        src: tls.conf
      become: true
      notify: Restart `nginx.service`

    - name: add tls.conf to nginx__config_files_to_exist
      ansible.builtin.set_fact:
        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'tls.conf' ] }}"  # noqa: jinja[spacing]

- name: handle the case, where redirect.conf should be deployed
  when: nginx__deploy_redirect_conf
  block:
    - name: make sure redirect.conf is deployed
      ansible.builtin.copy:
        force: true
        dest: /etc/nginx/conf.d/redirect.conf
        mode: "0644"
        owner: root
        group: root
        src: redirect.conf
      become: true
      notify: Restart `nginx.service`

    - name: add redirect.conf to nginx__config_files_to_exist
      ansible.builtin.set_fact:
        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}"  # noqa: jinja[spacing]

- name: make sure all given configuration files are deployed
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
    mode: "0644"
    owner: root
    group: root
  become: true
  loop: "{{ nginx__configurations }}"
  notify: Restart `nginx.service`

- name: add names plus suffix from `nginx__configurations` to `nginx__config_files_to_exist` fact
  ansible.builtin.set_fact:
    nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}"  # noqa: jinja[spacing]
  loop: "{{ nginx__configurations }}"

- name: find configuration files to remove
  ansible.builtin.find:
    paths: /etc/nginx/conf.d/
    recurse: false
    excludes: "{{ nginx__config_files_to_exist }}"
  register: nginx__config_files_to_remove

- name: remove all configuration file, which should be removed
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  become: true
  loop: "{{ nginx__config_files_to_remove.files }}"
  notify: Restart `nginx.service`