- name: Install nginx
  package:
    name: nginx
    state: latest

- name: Install nginx.conf
  template:
    src: templates/nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: nginx
    group: nginx
    mode: '0644'
  notify: Restart nginx

- name: Create nginx ssl directory
  file:
    path: /etc/nginx/ssl
    state: directory
    mode: '0755'

- name: Generate dhparams
  command:
    cmd: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
    creates: /etc/nginx/ssl/dhparam.pem
  notify: Restart nginx

- name: Start and enable nginx
  service:
    name: nginx
    state: started
    enabled: true

- name: Permanently enable http service
  ansible.posix.firewalld:
    service: http
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Permanently enable https service
  ansible.posix.firewalld:
    service: https
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Create nginx vhosts
  template:
    src: templates/vhost.conf.j2
    dest: /etc/nginx/conf.d/{{ inventory_hostname }}.conf
    owner: nginx
    group: nginx
    mode: '0644'
  notify: Restart nginx