- name: Install nginx
  import_role:
    name: nginxinc.nginx
  when: ansible_os_family != 'Archlinux'
  become: true

- name: Install nginx (mainline) on Arch
  package:
    name: nginx-mainline
  when: ansible_os_family == 'Archlinux'
  become: true

- name: Install nginx-mod-http-headers-more
  package:
    name: libnginx-mod-http-headers-more-filter
  when: ansible_os_family != 'Archlinux'
  become: true

- name: Install nginx-mod-http-headers-more on Arch
  kewlfft.aur.aur:
    name: nginx-mainline-mod-headers-more
  when: ansible_os_family == 'Archlinux'
  become: true

- name: Install nginx-mod-brotli
  package:
    name: libnginx-mod-http-brotli-filter
  when: ansible_os_family != 'Archlinux'
  become: true

- name: Install nginx-mod-brotli on Arch
  kewlfft.aur.aur:
    name: nginx-mainline-mod-brotli
  when: ansible_os_family == 'Archlinux'
  become: true

- name: Generate Diffie-Hellman parameters
  community.crypto.openssl_dhparam:
    path: /etc/nginx/dhparams.pem

- name: Create config directories
  file:
    path: /etc/nginx/{{ item }}
    state: directory
    mode: "0755"
  loop:
    - http.d
    - stream.d
    - includes
  become: true

- name: Install config
  template:
    src: files/nginx.conf
    dest: /etc/nginx/nginx.conf
    validate: nginx -t -c %s
    mode: "0644"
  become: true
  notify: reload nginx

- name: Copy config files
  template:
    src: "{{ item }}"
    dest: "/etc/nginx/includes/{{ item | basename }}"
    mode: "0644"
  with_fileglob: 'files/includes/*.conf'
  become: true
  notify: reload nginx

- name: Install HTTPS redirect
  template:
    src: files/nginx-https-redirect.conf
    dest: /etc/nginx/http.d/https-redirect.conf
    mode: "0644"
  become: true
  notify: reload nginx
  when: nginx_https_redirect