ansible-gateway/tasks/nginx.yml


---
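# Install nginx-full and upgrade it whenever apt knows about a newer build.
- name: ensure nginx is at the latest version
  apt:
    name: nginx-full
    state: latest
    # "latest" is resolved against the local package index. Refresh it (at
    # most once an hour) so a stale cache cannot hide pending security
    # updates or make the install fail on a freshly provisioned host.
    update_cache: true
    cache_valid_time: 3600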
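# Remove the "default" entry from sites-enabled so that only the sites
# managed by this file are served.
- name: ensure default nginx site is disabled
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  # A running nginx keeps serving the default site until it is reloaded, so
  # notify the same handler the other sites-enabled change in this file uses.
  notify: reload_nginx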
# - name: start nginx
# systemd:
# name: nginx.service
# state: started
# enabled: true
# Render every entry that the filetree lookup reports as a regular file under
# templates/nginx/custom_configs/ into /etc/nginx, owned by root:root with
# mode 0644, and request an nginx reload when anything changes.
# NOTE(review): dest is the bare directory, so each file appears to land
# directly in /etc/nginx under its basename; sub-directories below
# custom_configs/ would not be mirrored. Confirm that this is intended.
- name: copy custom configuration
  with_filetree: templates/nginx/custom_configs/
  when: item.state == "file"
  template:
    src: '{{ item.src }}'
    dest: /etc/nginx
    owner: root
    group: root
    mode: "0644"
  notify: reload_nginx
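# Write one /etc/nginx/ssl_<domain_name>.conf per entry of
# gateway.proxied_services, rendered from ssl.conf.j2.
- name: add per-domain ssl configuration
  template:
    src: templates/nginx/ssl.conf.j2
    dest: "/etc/nginx/ssl_{{ item.domain_name }}.conf"
    owner: root
    group: root
    mode: '0644'
  vars:
    # Exposes the current item's domain to the template as domain_name.
    domain_name: "{{ item.domain_name }}"
  with_items: "{{ gateway.proxied_services }}"
  # Changed TLS settings only take effect after a reload. The other
  # config-writing tasks in this file notify the handler; this one did not.
  notify: reload_nginx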
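# Create or update the basic-auth credential file for every proxied service
# that sets password_protect. Owner and group default to root:www-data.
# NOTE(review): item.password is read in plaintext from
# gateway.proxied_services; presumably it is kept in an encrypted variable
# source. Confirm against the inventory.
- name: add password file for sites that are password-protected
  htpasswd:
    path: "{{ item.password_file }}"
    name: "{{ item.username }}"
    password: "{{ item.password }}"
    owner: "{{ item.owner|default('root') }}"
    group: "{{ item.group|default('www-data') }}"
    # Quoted like the other modes in this file so the value never depends on
    # how the YAML parser types a bare 0640.
    mode: '0640'
  when: item.password_protect|default(false)
  loop: "{{ gateway.proxied_services }}"
  # Each loop item carries the password; without no_log the item (and the
  # module arguments) are printed in task output and any attached log.
  no_log: true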
# Render sites.conf.j2 once per entry of gateway.proxied_services into
# /etc/nginx/sites-available/<domain_name>.conf (root:root, 0644). The
# template sees the current entry as "service". A change requests a reload.
- name: add nginx configuration (only http)
  with_items: "{{ gateway.proxied_services }}"
  vars:
    service: '{{ item }}'
  template:
    src: templates/nginx/sites.conf.j2
    dest: '/etc/nginx/sites-available/{{ item.domain_name }}.conf'
    owner: root
    group: root
    mode: "0644"
  notify: reload_nginx
# Activate each proxied service by symlinking its sites-available file into
# sites-enabled. A new or changed link requests an nginx reload.
- name: enable nginx http configuration
  with_items: "{{ gateway.proxied_services }}"
  file:
    state: link
    src: '/etc/nginx/sites-available/{{ item.domain_name }}.conf'
    dest: '/etc/nginx/sites-enabled/{{ item.domain_name }}.conf'
  notify: reload_nginx
# Run the handlers notified above (reload_nginx) immediately, so that the
# configuration written by this file is live before the play continues.
- name: 'Force all notified handlers to run at this point, not waiting for normal sync points'
  meta: flush_handlers