- name:
  become: true
  block:
    - name: Install package nginx
      apt:
        name: nginx
  
    - name: Delete directories in /etc/nginx/
      file:
        path: "/etc/nginx/{{ item }}"
        state: absent
      loop:
        - sites-enabled
        - snippets
  
    - name: Create directories in /etc/nginx/
      file:
        path: "/etc/nginx/{{ item }}"
        state: directory
      loop:
        - sites-enabled
        - snippets

    - name: Template configuration files to /etc/nginx/
      template:
        src: "{{ item.src }}"
        dest: "/etc/nginx/{{ item.path }}"
        owner: root
        group: root
        mode: '644' 
      with_filetree: ../templates/
      when: item.state == 'file'
      
    - name: Get state of file /etc/nginx/dhparam.txt
      stat:
        path: /etc/nginx/dhparam.txt
      register: nginx_stat_dhparam_result

    - name: Download dhparam file from Mozilla
      get_url:
        url: https://ssl-config.mozilla.org/ffdhe2048.txt
        dest: /etc/nginx/dhparam.txt
      when: not nginx_stat_dhparam_result.stat.exists

    - name: Set correct permissions on certificate directories
      file:
        path: "/etc/letsencrypt/{{ item }}/{{ domain }}"
        state: directory
        owner: root
        group: root
        mode: '750'
      loop:
        - live
        - archive

    - name: Start/Reload NGINX service
      service:
        name: nginx
        state: reloaded
        enabled: yes