---

- name: Manage nginx webserver
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  vars_files:
    - ./../../vars/site.yml
    - ./../../vars/php.yml
    - ./../../vars/nginx.yml

  vars:
    nginx_acme: False
    nginx_http_extra_options: |
      client_max_body_size 100M;
    nginx_real_ip_from: ['172.16.30.0/24']
    nginx_default_keepalive_timeout: 65
#    nginx_webroot_create: False
    nginx_ocsp: False
    nginx_worker_processes: auto
    nginx_manage_ipv6only: False
    # TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
    nginx__servers:
      - name: '{{ domain_name }}'

        type: php

        root: '/var/www/{{ site_name }}'

        public_dir_name: ''

        include_files_begin: '{{ nginx_includes_begin }}'

        options: 'set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-www-data.sock;'

        location_list:
          - pattern: '/'
            locations:
              - pattern: '~ ^/*.-backend/'
                options: 'set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-backend.sock;'
            options: try_files /index.html @october;
          - pattern: '@october'
            options: rewrite ^/.*$ /index.php last;
          - pattern: '~* ^(?!/index).*\.php$'
            options: return 403;

        php_options: |
          fastcgi_read_timeout 3000;
        php_upstream: $upstream

        #location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
        php_location_script_name: ~ ^(?<script_name>/index\.php)

        #location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
        php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)?

  pre_tasks:
    - name: Set filtered includes
      set_fact:
        nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
      when: item != omit
      loop:
          - "{{ (nginx_www_domain and nginx_www_redirect == 'www') | ternary('includes.d/www.conf', omit) }}"
          - "{{ (nginx_www_domain and nginx_www_redirect == 'non-www') | ternary('includes.d/non-www.conf', omit) }}"
          - includes.d/octobercms.conf
          - includes.d/staticfiles.conf

    - name: Copy OctoberCMS nginx conf includes and www redirect
      copy:
        src: etc/nginx/includes.d
        dest: /etc/nginx/
        mode: 0644

    - name: Copy map config for www/non-www redirects
      copy:
        src: etc/nginx/conf.d/map_tld_domain.conf
        dest: /etc/nginx/conf.d/
        mode: 0644

  post_tasks:
    - name: Default index.html
      template:
        src: var/www/site_name/index.html.j2
        dest: '/var/www/{{ site_name }}/index.html'
        mode: 0644
        owner: '{{ site_name }}'

    - name: Copy normalized.css
      template:
        src: var/www/site_name/normalize.css
        dest: '/var/www/{{ site_name }}/'
        mode: 0644
        owner: '{{ site_name }}'

  roles:

#    - role: keyring
#      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
#      keyring__dependent_apt_keys:
#        - '{{ nginx__keyring__dependent_apt_keys }}'
#
#    - role: apt_preferences
#      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
#      apt_preferences__dependent_list:
#        - '{{ nginx__apt_preferences__dependent_list }}'
#
#    - role: python
#      tags: [ 'role::python', 'skip::python' ]
#      python__dependent_packages3:
#        - '{{ nginx__python__dependent_packages3 }}'
#      python__dependent_packages2:
#        - '{{ nginx__python__dependent_packages2 }}'

    - role: nginx
      tags: [ 'role::nginx', 'skip::nginx' ]