- name: install nginx
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - check shows nginx-common from distro when repo is not yet configured - fix that

  - name: install dependencies on debian/ubuntu systems
    ansible.builtin.apt:
      pkg:
        - ca-certificates
        - curl
        - gnupg1
        - lsb-release
        - logrotate
      update_cache: true
      autoremove: true
      purge: true
    when: system == 'debian'

  - name: define distro flavor
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "lsb_release -is 2>/dev/null | tr A-Z a-z || echo unknown"
    register: flavor
    changed_when: false
    check_mode: false
    when: nginx_type == 'upstream' and system == 'debian'

  - debug: var=flavor.stdout
    when: nginx_type == 'upstream' and system == 'debian'

  - name: define distro release
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "lsb_release -cs 2>/dev/null || echo unknown"
    register: release
    changed_when: false
    check_mode: false
    when: nginx_type == 'upstream' and system == 'debian'

  - debug: var=release.stdout
    when: nginx_type == 'upstream' and system == 'debian'

  - name: add official signing key
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: curl -s https://nginx.org/keys/nginx_signing.key | gpg1 --dearmor > /usr/share/keyrings/nginx.gpg
      creates: /usr/share/keyrings/nginx.gpg
    when: nginx_type == 'upstream' and system == 'debian'

  - name: add official repository
    ansible.builtin.copy:
      content: |

        # CONFIGURED BY ANSIBLE

        deb [signed-by=/usr/share/keyrings/nginx.gpg] http://nginx.org/packages/mainline/{{flavor.stdout}} {{release.stdout}} nginx
      dest: /etc/apt/sources.list.d/nginx.list
    when: nginx_type == 'upstream' and system == 'debian'
    register: addrepo

  - name: update repository cache
    ansible.builtin.apt:
      update_cache: true
      autoremove: true
      purge: true
    when:
      - nginx_type == 'upstream' and system == 'debian'
      - addrepo.changed
    # that won't work in check mode as long as nginx.list file isn't written
    #check_mode: false

  # todo - handle official nginx deployment on non-debian systems
  # todo - handle bx-nginx != nginx package on bitrix machine
  # todo - less packages, as lsb-release has thousand dependencies...
  #- name: install dependencies on redhat systems

  - name: install packages
    ansible.builtin.package:
      name: nginx
      state: present
    when:
      - system == 'debian' and nginx_type != 'source' 
      - not ansible_check_mode # might be using official repo which is not configured yet

  - name: check nginx got installed from source
    shell: ls -lhF /usr/local/sbin/nginx
    when: nginx_type == 'source'

  # https://education.launchcode.org/linux/systemd/walkthrough/webserver-nginx-unit-file/index.html
  - name: deploy unit file against nginx from source
    copy:
      src: nginx.service
      dest: /etc/systemd/system/nginx.service
    when: nginx_type == 'source'

  - name: start and enable service
    ansible.builtin.service:
      name: nginx
      state: started
      enabled: true
    # package not installed yet
    when: not ansible_check_mode

  - name: handy log reader
    ansible.builtin.copy:
      content: "tail -n0 -F /var/log/nginx/*log\n"
      dest: /root/logwww
      mode: "0755"