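---
# Nginx Installation
#
# Installs Nginx (plus Certbot when letsencrypt_enabled is true), ensures the
# service account exists, and creates the directories the rest of the role
# writes into. Variables read here: nginx_package, nginx_user, nginx_group,
# nginx_cache_path, letsencrypt_enabled, letsencrypt_webroot_path.

# NOTE(review): update_cache and cache_valid_time are apt options that the
# generic package module forwards to the backend; together with the
# python3-certbot-nginx package name below this looks Debian/Ubuntu-only.
# Confirm before running against other distributions.
- name: Update package cache
  package:
    update_cache: true
    cache_valid_time: 3600
  tags:
    - nginx
    - packages

- name: Install Nginx and dependencies
  package:
    name:
      - "{{ nginx_package }}"
      - openssl
      - ca-certificates
    state: present
  tags:
    - nginx
    - packages

- name: Install Let's Encrypt client (Certbot)
  package:
    name:
      - certbot
      - python3-certbot-nginx
    state: present
  when: letsencrypt_enabled | bool
  tags:
    - nginx
    - ssl
    - letsencrypt

# Runs before any task that sets owner/group to nginx_user: the file module
# fails on an owner that does not exist yet, which happens on a fresh host
# when the package does not create this account itself.
# The account is a system user with no login shell and no home directory
# created for it.
# NOTE(review): nginx_group is never created in this file; presumably it is
# the user's primary group or comes from the package. Verify.
- name: Ensure Nginx user exists
  user:
    name: "{{ nginx_user }}"
    system: true
    shell: /bin/false
    home: /var/cache/nginx
    create_home: false
  tags:
    - nginx
    - users

# Root-owned, not writable by the service account.
# /var/log/nginx is intentionally not in this list: it is managed by the
# dedicated log-directory task below. Listing it in both places made every
# run flip its ownership to root and back, so the play was never idempotent
# and the directory briefly had a different owner on each run.
- name: Create Nginx directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  loop:
    - /etc/nginx/sites-available
    - /etc/nginx/sites-enabled
    - /etc/nginx/conf.d
    - "{{ nginx_cache_path }}"
    - /var/www/html
  tags:
    - nginx
    - directories

# NOTE(review): the web server only needs read access to serve files from
# this path. Consider root ownership so the serving account cannot write
# under the challenge webroot, unless another task depends on it.
- name: Create Let's Encrypt webroot directory
  file:
    path: "{{ letsencrypt_webroot_path }}"
    state: directory
    owner: "{{ nginx_user }}"
    group: "{{ nginx_group }}"
    mode: '0755'
  when: letsencrypt_enabled | bool
  tags:
    - nginx
    - ssl
    - directories

# Creates the log directory and sets its final ownership in one step.
# NOTE(review): a log directory owned by the service account lets that
# account create, delete or rename entries in it, which weakens log
# integrity; root-run log rotation over a directory controlled by an
# unprivileged account is also a known local privilege-escalation pattern.
# Consider owner root here, after confirming workers keep the traverse
# access they need to reopen log files. Mode '0755' also lets any local user
# list the directory; the modes of the log files themselves are not set in
# this file.
- name: Set proper permissions on log directory
  file:
    path: /var/log/nginx
    state: directory
    owner: "{{ nginx_user }}"
    group: "{{ nginx_group }}"
    mode: '0755'
  tags:
    - nginx
    - permissions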