---

- name: Install nginx package
  apt:
    name: nginx
    cache_valid_time: 86400

- name: Ensure nginx service is disabled and stopped
  systemd:
    name: nginx
    enabled: false
    state: stopped

- name: Get current nginx-letsencrypt version
  shell: "/usr/local/bin/nginx-letsencrypt --version || true"
  check_mode: no
  changed_when: no
  register: nginx_letsencrypt_version_cmd

- name: Download nginx-letsencrypt release
  get_url:
    url: "https://github.com/Luzifer/nginx-letsencrypt/releases/download/{{ nginx_letsencrypt_version }}/nginx-letsencrypt_linux_amd64"
    dest: /usr/local/bin/nginx-letsencrypt
    force: true
    mode: 0755
  when: nginx_letsencrypt_version not in nginx_letsencrypt_version_cmd.stdout
  register: nginx_letsencrypt_binary

- name: Install modified nginx config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf

- name: Install system.d service
  copy:
    content: |
      [Unit]
      Description=nginx wrapper with LetsEncrypt certificate management
      After=network-online.target
      Requires=network-online.target
      
      [Service]
      Restart=always
      ExecStart=/usr/local/bin/nginx-letsencrypt \
                  --email {{ nginx_letsencrypt_email }} \
                  --nginx-config /etc/nginx/nginx.conf \
                  --storage-dir {{ nginx_letsencrypt_storage_dir }} \
                  --log-level {{ nginx_letsencrypt_log_level }} \
                  --buffer {{ nginx_letsencrypt_buffer }} \
                  --listen-http :{{ nginx_letsencrypt_port }}
      
      [Install]
      WantedBy=multi-user.target
    dest: /etc/systemd/system/nginx-letsencrypt.service
  register: nginx_letsencrypt_service

- name: Restart and enable nginx-letsencrypt service
  systemd:
    name: nginx-letsencrypt
    enabled: true
    state: restarted
  when: nginx_letsencrypt_binary.changed or nginx_letsencrypt_service.changed