- name: Create www group
  group:
    name: www

- name: Create www user
  user:
    name: www
    home: /srv/http
    createhome: false
    group: www

- name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: wheel
  loop:
    - /letsencrypt
    - /etc/rc.conf.d
    - /usr/local/etc/nginx/conf.d

- name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: www
    group: www
  loop:
    - /srv/http

- name: Install packages
  package:
    name:
      - nginx
    state: present

# validate fails because nginx config relies on a local mime.types
- name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - src: nginx.conf
      dest: /usr/local/etc/nginx/nginx.conf
    - src: headers.include
      dest: /usr/local/etc/nginx/conf.d/headers.include
    - src: proxy.include
      dest: /usr/local/etc/nginx/conf.d/proxy.include
    - src: tls_settings.include
      dest: /usr/local/etc/nginx/conf.d/tls_settings.include
      # Generate htpasswd with `htpasswd -c files/htpasswd user1`
      # or `printf "USER:$(openssl passwd)\n" >> files/htpasswd`
    - src: htpasswd
      dest: /usr/local/etc/nginx/conf.d/htpasswd

- name: Install newsyslog configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0600
    owner: root
    group: wheel
  loop:
    - src: newsyslog.conf
      dest: /usr/local/etc/newsyslog.conf.d/nginx.conf

- name: Install service configuration
  copy:
    src: "files/{{ item }}_rc.conf"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - nginx