---
# nginx tasks: install the package, prepare the ACME webroot and any static
# site directories, render and enable one configuration file per entry in
# nginx_sites, then syntax-check the result and make sure the service runs.

- name: Install nginx package
  ansible.builtin.apt:
    name: nginx
    state: present
    # Refresh the apt package index before resolving the package.
    update_cache: true

- name: Ensure ACME webroot exists for nginx
  ansible.builtin.file:
    state: directory
    path: /var/www/letsencrypt
    # NOTE(review): www-data owns the webroot and can therefore write to it.
    # If www-data is the account nginx serves requests as and the ACME client
    # writes challenges as root, root ownership with the same mode would give
    # nginx read-only access - confirm which account writes here.
    owner: www-data
    group: www-data
    mode: "0755"

- name: Ensure static site directories exist
  ansible.builtin.file:
    state: directory
    path: "{{ item.path }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "0755"
  # static_sites is optional; an undefined variable becomes an empty loop.
  loop: "{{ static_sites | default([]) }}"
  loop_control:
    label: "{{ item.path }}"

- name: Publish static placeholder files
  ansible.builtin.copy:
    # Destination is the site directory joined with the per-file path.
    # Neither value is normalised here, so a files[].path holding `..`
    # segments would resolve outside the site directory.
    # NOTE(review): if static_sites can come from a source less trusted than
    # the playbook author, validate files[].path before this task.
    dest: "{{ item.0.path }}/{{ item.1.path }}"
    content: "{{ item.1.content }}"
    owner: "{{ item.0.owner }}"
    group: "{{ item.0.group }}"
    # World-readable, which suits public static content.
    mode: "0644"
  # One iteration per (site, file) pair; sites without a `files` key are
  # skipped rather than raising an error.
  loop: "{{ (static_sites | default([])) | subelements('files', skip_missing=True) }}"
  loop_control:
    label: "{{ item.0.name }}/{{ item.1.path }}"

- name: Remove default nginx site
  ansible.builtin.file:
    state: absent
    path: /etc/nginx/sites-enabled/default
  # The "Reload nginx" handler is defined outside this file.
  notify: Reload nginx

- name: Check which ACME certificates already exist
  ansible.builtin.stat:
    # The certificate directory is certificate_name when the site sets it,
    # otherwise the first entry of server_names.
    path: "/etc/letsencrypt/live/{{ item.certificate_name | default(item.server_names[0]) }}/fullchain.pem"
  # Only sites that define acme_managed with a truthy value are checked.
  # NOTE(review): nginx_sites has no default() here or below, unlike
  # static_sites; presumably it is always defined - confirm.
  loop: "{{ nginx_sites | selectattr('acme_managed', 'defined') | selectattr('acme_managed') | list }}"
  loop_control:
    label: "{{ item.name }}"
  register: nginx_site_cert_stats

- name: Build ACME certificate availability map
  ansible.builtin.set_fact:
    # Maps each checked site's name to whether its fullchain.pem was found.
    # Presumably read by site.conf.j2 to decide whether to reference the
    # certificate - confirm in the template.
    nginx_acme_certificates_available: >-
      {{
        dict(
          nginx_site_cert_stats.results
          | map(attribute='item.name')
          | zip(nginx_site_cert_stats.results | map(attribute='stat.exists'))
        )
      }}

- name: Render nginx site configurations
  ansible.builtin.template:
    src: site.conf.j2
    # item.name becomes part of a file name under /etc/nginx and is used as
    # given.
    dest: "/etc/nginx/sites-available/{{ item.name }}.conf"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx_sites }}"
  loop_control:
    label: "{{ item.name }}"
  notify: Reload nginx

- name: Enable nginx sites
  ansible.builtin.file:
    state: link
    src: "/etc/nginx/sites-available/{{ item.name }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ item.name }}.conf"
    # force replaces a regular file already sitting at dest with the link.
    force: true
  loop: "{{ nginx_sites }}"
  loop_control:
    label: "{{ item.name }}"
  notify: Reload nginx

- name: Validate nginx configuration
  # Syntax check of the configuration on disk. The rendered files and links
  # are already in place at this point, so a failure stops the play for this
  # host (by default before the queued reload handler runs) but leaves the
  # rejected configuration where a later reload or restart would pick it up.
  ansible.builtin.command:
    cmd: nginx -t
  # A read-only check never counts as a change.
  changed_when: false

- name: Ensure nginx service is enabled
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started