- name: install nginx
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - check shows nginx-common from distro when repo is not yet configured - fix that

  - name: install dependencies on debian/ubuntu systems
    apt:
      pkg:
        - ca-certificates
        - curl
        - gnupg1
        - lsb-release
        - logrotate
      update_cache: true
      autoremove: true
      purge: true
    when: system == 'debian'

  - name: define distro flavor
    shell:
      executable: /bin/bash
      cmd: "lsb_release -is 2>/dev/null | tr A-Z a-z"
    register: flavor
    changed_when: false
    check_mode: false
    when: nginx_type == 'upstream' and system == 'debian'

  - debug: var=flavor.stdout
    when: flavor.stdout is defined

  - name: define distro release
    shell:
      executable: /bin/bash
      cmd: "lsb_release -cs 2>/dev/null || echo unknown"
    register: release
    changed_when: false
    check_mode: false
    when: nginx_type == 'upstream' and system == 'debian'

  - debug: var=release.stdout
    when: release.stdout is defined

  - name: add official signing key
    shell:
      executable: /bin/bash
      cmd: |
        curl -s https://nginx.org/keys/nginx_signing.key | \
          gpg1 --dearmor > /usr/share/keyrings/nginx.gpg
      creates: /usr/share/keyrings/nginx.gpg
    when: nginx_type == 'upstream' and system == 'debian'

  - name: add official repository
    template:
      src: nginx.list
      dest: /etc/apt/sources.list.d/nginx.list
    when: nginx_type == 'upstream' and system == 'debian'
    register: addrepo

  - debug: var=addrepo.changed
    when: addrepo is defined

  - name: update repository cache
    apt:
      update_cache: true
      autoremove: true
      purge: true
    when:
      - nginx_type == 'upstream' and system == 'debian'
      - addrepo.changed

  # todo - handle official nginx deployment on non-debian systems
  # todo - handle bx-nginx != nginx package on bitrix machine
  # todo - less packages, as lsb-release has thousand dependencies...
  #- name: install dependencies on redhat systems

  # incl freebsd
  # todo - what do for isolated redhats?
  - name: install packages
    package:
      name: nginx
    when:
      - nginx_type != 'source'
      - not ansible_check_mode # might be using official repo which is not configured yet

  - name: check nginx is from source
    command: ls -lhF /usr/local/sbin/nginx
    changed_when: false
    check_mode: false
    when: nginx_type == 'source'

  # https://education.launchcode.org/linux/systemd/walkthrough/webserver-nginx-unit-file/index.html
  - name: deploy unit file against nginx from source
    copy:
      src: nginx.service
      dest: /etc/systemd/system/nginx.service
    when: nginx_type == 'source'

  - name: start and enable service
    service:
      name: nginx
      state: started
      enabled: true
    # package not installed yet
    when: not ansible_check_mode

  - name: setup logrotate for nginx from source
    copy:
      src: logrotate_nginx
      dest: /etc/logrotate.d/nginx
    when:
      - nginx_type == 'source'
      - system != 'freebsd'

  - name: setup newsyslog for nginx
    copy:
      src: newsyslog_nginx.conf
      dest: /etc/newsyslog.conf.d/nginx.conf
    when: system == 'freebsd'

  - name: check logrotate is there
    shell: |
      set -e
      ls -lF /etc/logrotate.d/nginx
      ls -lF /etc/cron.daily/logrotate
    changed_when: false
    check_mode: false
    when: system != 'freebsd'

  - name: check newsyslog is there
    shell: |
      set -e
      ls -lF /etc/newsyslog.conf.d/nginx.conf
      grep newsyslog /etc/crontab
    changed_when: false
    check_mode: false
    when: system == 'freebsd'

  - name: handy log wrapper
    copy:
      content: "tail -n0 -F /var/log/nginx/*log\n"
      dest: /root/logwww
      mode: "0755"