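# Installs NGINX and configures it as a reverse proxy. The whole block runs
# with privilege escalation because every task writes below /etc or manages a
# system service. The authelia-*.conf file names suggest the proxy delegates
# authentication to Authelia; the templates themselves are not shown here.
- name: Install and configure NGINX reverse proxy
  become: true
  block:
    - name: Install package nginx
      apt:
        name: nginx
        state: present

    # Each template is rendered from the file of the same name and is
    # root-owned and world-readable (not writable by other users).
    - name: Template configuration files to /etc/nginx/
      template:
        src: "{{ item }}"
        dest: "/etc/nginx/{{ item }}"
        owner: root
        group: root
        mode: '0644'
      loop:
        - nginx.conf
        - authelia-location.conf
        - authelia-authrequest.conf

    - name: Template reverse-proxy.conf to /etc/nginx/sites-available/reverse-proxy.conf
      template:
        src: reverse-proxy.conf
        dest: /etc/nginx/sites-available/reverse-proxy.conf
        owner: root
        group: root
        mode: '0644'

    - name: Copy ssl-headers.conf to /etc/nginx/conf.d/ssl-headers.conf
      copy:
        src: files/ssl-headers.conf
        dest: /etc/nginx/conf.d/ssl-headers.conf
        owner: root
        group: root
        mode: '0644'

    # Two passes over the same path: `absent` deletes sites-enabled with
    # everything in it, then `directory` recreates it empty. Only sites linked
    # by later tasks are served afterwards. This task reports "changed" on
    # every run; owner/group/mode take effect on the `directory` pass.
    - name: Remove all enabled NGINX sites
      file:
        state: "{{ item }}"
        path: "/etc/nginx/sites-enabled"
        owner: root
        group: root
        mode: '0755'
      loop:
        - absent
        - directory

    - name: Enable reverse-proxy.conf site
      file:
        state: link
        src: /etc/nginx/sites-available/reverse-proxy.conf
        dest: /etc/nginx/sites-enabled/reverse-proxy.conf

    - name: Get state of file /etc/nginx/dhparam.txt
      stat:
        path: /etc/nginx/dhparam.txt
      register: nginx_stat_dhparam_result

    # Fetched over HTTPS once; later runs skip the download because the file
    # already exists. The content is trusted on TLS alone. To detect a
    # tampered or truncated download, pin the expected digest, e.g.
    #   checksum: "sha256:<EXPECTED_SHA256>"   # placeholder, fill in and verify
    # Ownership and mode are set explicitly so they do not depend on the umask.
    - name: Download dhparam file from Mozilla
      get_url:
        url: https://ssl-config.mozilla.org/ffdhe2048.txt
        dest: /etc/nginx/dhparam.txt
        owner: root
        group: root
        mode: '0644'
      when: not nginx_stat_dhparam_result.stat.exists

    # Restricts the per-domain certificate directories to root (0750,
    # root:root). `domain` must be defined by the caller.
    # NOTE(review): `state: directory` creates the path when it is missing;
    # confirm the certificate has been issued before this task runs so an
    # empty live/archive directory is not created ahead of the ACME client.
    - name: Set correct permissions on certificate directories
      file:
        path: "/etc/letsencrypt/{{ item }}/{{ domain }}"
        state: directory
        owner: root
        group: root
        mode: '0750'
      loop:
        - live
        - archive

    # Fail the play with a clear parser error before touching the running
    # service if the rendered configuration is invalid.
    - name: Validate NGINX configuration before reloading
      command: nginx -t
      changed_when: false

    - name: Start/Reload NGINX service
      service:
        name: nginx
        state: reloaded
        enabled: true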