- name: install nginx
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - check shows nginx-common from distro when repo is not yet configured - fix that

  - name: define distro vendor
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "[[ -f /etc/debian_version ]] && echo debian; [[ -f /etc/redhat-release ]] && echo redhat"
    register: vendor
    changed_when: false
    check_mode: false
    failed_when: false

  - debug: var=vendor.stdout
    when: vendor.stdout != 'debian'
  - debug: var=vendor.stderr
    when: vendor.stdout != 'debian'

  - name: install dependencies on debian/ubuntu systems
    ansible.builtin.apt:
      pkg:
        - ca-certificates
        - curl
        - gnupg1
        - lsb-release
        - logrotate
      update_cache: true
      autoremove: true
      purge: true
    diff: true
    when: vendor.stdout == 'debian'

  - name: define distro release
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: "lsb_release -cs 2>/dev/null || echo unknown"
    register: release
    changed_when: false
    check_mode: false
    when: nginx_type == 'upstream' and vendor.stdout == 'debian'

  - debug: var=release.stdout
    when: nginx_type == 'upstream' and vendor.stdout == 'debian'

  - name: add official signing key
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: curl -s https://nginx.org/keys/nginx_signing.key | gpg1 --dearmor > /usr/share/keyrings/nginx.gpg
      creates: /usr/share/keyrings/nginx.gpg
    when: nginx_type == 'upstream' and vendor.stdout == 'debian'

  - name: add official repository
    ansible.builtin.template:
      src: templates/nginx.list
      dest: /etc/apt/sources.list.d/nginx.list
    diff: true
    when: nginx_type == 'upstream' and vendor.stdout == 'debian'

  - name: update repository cache
    ansible.builtin.apt:
      update_cache: true
      autoremove: true
      purge: true
    when: nginx_type == 'upstream' and vendor.stdout == 'debian'
    # won't harm and avoid 'changed' in check mode
    check_mode: false

  # todo - handle official nginx deployment on non-debian systems
  # todo - handle bx-nginx != nginx package on bitrix machine
  # todo - less packages, as lsb-release has thousand dependencies...
  #- name: install dependencies on redhat systems

  - name: install packages
    ansible.builtin.package:
      name: nginx
      state: present
    when: vendor.stdout == 'debian'
    diff: true

  - name: start and enable service
    ansible.builtin.service:
      name: nginx
      state: started
      enabled: true
    diff: true

  - name: handy log reader
    ansible.builtin.copy:
      content: "tail -F /var/log/nginx/*log\n"
      dest: /root/logwww
      mode: "0755"
    diff: true