---
- name: Copy main nginx configuration file
  become: true
  ansible.builtin.copy:
  copy:
    #src: 'files/nginx/nginx.conf'
    src: '{{ lookup("hf", "nginx/nginx.conf") }}'
    dest: '/etc/nginx/'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - systemctl reload nginx

- name: Create 'private' directory
  become: true
  ansible.builtin.file:
    path: '/etc/nginx/private'
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

- name: Create new dhparam of size '{{ nginx__dhparam_size }}'
  become: true
  community.crypto.openssl_dhparam:
    path: '/etc/nginx/private/dhparam.pem'
    size: '{{ nginx__dhparam_size | mandatory }}'
  notify:
    - systemctl reload nginx

- name: Create 'sites-available' directory
  become: true
  ansible.builtin.file:
    path: '/etc/nginx/sites-available'
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

- name: Create 'sites-enabled' directory
  become: true
  ansible.builtin.file:
    path: '/etc/nginx/sites-enabled'
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

# Todo: Reconsider best practices
- name: Remove default site config from package installation
  become: true
  ansible.builtin.file:
    path: '{{ item }}'
    state: absent
  with_items:
    - '/etc/nginx/sites-enabled/default'
    - '/etc/nginx/sites-available/default'

- name: Create 'snippets' directory
  become: true
  ansible.builtin.file:
    path: '/etc/nginx/snippets'
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'

- name: Copy nginx global configuration snippet files
  copy:
    src: '{{ item }}'
    dest: '/etc/nginx/snippets/{{ item | basename }}'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  with_items: "{{ lookup('hfg', 'nginx/snippets/[!_]*_global.snippet.conf', wantlist=True) }}"
  notify:
    - systemctl reload nginx