---
# Nginx Main Configuration

- name: Backup original nginx.conf
  copy:
    src: /etc/nginx/nginx.conf
    dest: /etc/nginx/nginx.conf.backup
    remote_src: true
    owner: root
    group: root
    mode: '0644'
  ignore_errors: true
  tags:
    - nginx
    - config
    - backup

- name: Configure main nginx.conf
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: reload nginx
  tags:
    - nginx
    - config

- name: Configure upstream servers
  template:
    src: upstream.conf.j2
    dest: /etc/nginx/conf.d/upstream.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - upstream

- name: Configure security headers
  template:
    src: security-headers.conf.j2
    dest: /etc/nginx/conf.d/security-headers.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - security

- name: Configure SSL settings
  template:
    src: ssl-settings.conf.j2
    dest: /etc/nginx/conf.d/ssl-settings.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - ssl

- name: Configure gzip compression
  template:
    src: gzip.conf.j2
    dest: /etc/nginx/conf.d/gzip.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - compression

- name: Configure caching
  template:
    src: cache.conf.j2
    dest: /etc/nginx/conf.d/cache.conf
    owner: root
    group: root
    mode: '0644'
  when: nginx_cache_enabled | bool
  notify: reload nginx
  tags:
    - nginx
    - cache

- name: Configure real IP detection
  template:
    src: real-ip.conf.j2
    dest: /etc/nginx/conf.d/real-ip.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - real-ip

- name: Remove default site
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/nginx/sites-enabled/default
    - /var/www/html/index.nginx-debian.html
  notify: reload nginx
  tags:
    - nginx
    - cleanup

- name: Create custom error pages
  template:
    src: "{{ item }}.html.j2"
    dest: "/var/www/html/{{ item }}.html"
    owner: "{{ nginx_user }}"
    group: "{{ nginx_group }}"
    mode: '0644'
  loop:
    - 403
    - 404
    - 500
    - 502
    - 503
    - 504
  tags:
    - nginx
    - error-pages

- name: Configure custom error pages
  template:
    src: error-pages.conf.j2
    dest: /etc/nginx/conf.d/error-pages.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
  tags:
    - nginx
    - error-pages