- name: Install nginx
  ansible.builtin.package:
    name:
      - nginx
    state: present

- name: Setup nginx directories 
  ansible.builtin.file:
    path: '{{ item }}'
    state: directory
    owner: root
    group: root
    mode: u+rw,g+r,o+r
  loop:
    - /etc/nginx/auth
    - /etc/nginx/includes
    - /etc/nginx/sites-available
    - /etc/nginx/sites-enabled

- name: Setup nginx serving directory
  ansible.builtin.file:
    path: /srv/http
    state: directory
    owner: http
    group: http
    mode: u+rw,g+rw,o+r

- name: Configure nginx
  ansible.builtin.copy:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: u+rw,g+r,o+r
  notify:
    - Reload nginx

- name: Configure nginx logrotate
  ansible.builtin.copy:
    src: files/nginx.logrotate
    dest: /etc/logrotate.d/nginx
    owner: root
    group: root
    mode: u+rw,g+r,o+r

- name: Enable nginx systemd service
  ansible.builtin.service:
    name: nginx
    enabled: yes
    state: started

- name: Copy nginx certificate renewal hook
  ansible.builtin.copy:
    src: files/nginx.sh
    dest: /etc/letsencrypt/renewal-hooks/deploy/nginx.sh
    owner: root
    group: root
    mode: u+rwx,g+r,o+r