
---
# Install the nginx package through APT.
# `state: present` only ensures the package is installed; it does not upgrade
# a version that is already on the host.
- name: Install Nginx
  ansible.builtin.apt:
    state: present
    name: nginx
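# Open the HTTP and HTTPS ports in ufw.
# The rule is limited to TCP: without `proto`, ufw allows the port for both
# TCP and UDP, which is wider than plain HTTP/HTTPS needs. If a site is served
# over HTTP/3 (QUIC), 443/udp needs its own rule.
- name: Allow ports 80 and 443
  community.general.ufw:
    rule: allow
    to_port: '{{ item }}'
    proto: tcp
  loop:
    - 80
    - 443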
# Ensure the nginx configuration tree exists before any file is deployed into
# it. Every directory is owned by root:root with mode 0755, so only root can
# add or replace configuration files.
- name: Create config directories
  ansible.builtin.file:
    path: '{{ item }}'
    state: directory
    mode: "0755"
    owner: root
    group: root
  loop:
    - /etc/nginx
    - /etc/nginx/sites-available
    - /etc/nginx/sites-enabled
    - /etc/nginx/streams-available
    - /etc/nginx/streams-enabled
# Install the static nginx.conf as the main configuration file, owned by
# root:root with mode 0644, and reload nginx when it changes.
# NOTE(review): the file is not syntax-checked before it replaces the live
# config; confirm whether the "Reload nginx" handler guards against a broken
# file.
- name: Deploy base config file
  ansible.builtin.copy:
    dest: /etc/nginx/nginx.conf
    src: nginx.conf
    mode: "0644"
    owner: root
    group: root
  notify: Reload nginx
# Render one configuration file per entry of `sites_available` from the
# site.j2 template into sites-available/; nginx is reloaded on change.
# NOTE(review): `item.fqdn` is interpolated into the destination path as-is.
# This assumes it is a plain host name without path separators; confirm where
# `sites_available` is defined and who can edit it.
- name: Deploy site configurations
  ansible.builtin.template:
    dest: '/etc/nginx/sites-available/{{ item.fqdn }}.conf'
    src: site.j2
    mode: "0644"
    owner: root
    group: root
  loop: '{{ sites_available }}'
  notify: Reload nginx
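# Link each enabled site into sites-enabled/ and remove the link of each
# disabled one; nginx is reloaded on change.
# `src` is relative, so the symlink points at ../sites-available/<fqdn>.conf.
# `item.enabled` is cast with `bool` first: `ternary` tests plain truthiness,
# so a string value such as "false" would otherwise select "link" and leave a
# site that was meant to be disabled reachable.
- name: Enable site configurations
  ansible.builtin.file:
    src: '../sites-available/{{ item.fqdn }}.conf'
    dest: '/etc/nginx/sites-enabled/{{ item.fqdn }}.conf'
    state: '{{ item.enabled | bool | ternary("link", "absent") }}'
    owner: root
    group: root
  loop: '{{ sites_available }}'
  notify: Reload nginx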
# Render one configuration file per entry of `streams_available` from the
# stream.j2 template into streams-available/; nginx is reloaded on change.
# NOTE(review): `item.fqdn` is interpolated into the destination path as-is.
# This assumes it is a plain host name without path separators; confirm where
# `streams_available` is defined and who can edit it.
- name: Deploy stream configurations
  ansible.builtin.template:
    dest: '/etc/nginx/streams-available/{{ item.fqdn }}.conf'
    src: stream.j2
    mode: "0644"
    owner: root
    group: root
  loop: '{{ streams_available }}'
  notify: Reload nginx
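# Link each enabled stream into streams-enabled/ and remove the link of each
# disabled one; nginx is reloaded on change.
# `src` is relative, so the symlink points at ../streams-available/<fqdn>.conf.
# `item.enabled` is cast with `bool` first: `ternary` tests plain truthiness,
# so a string value such as "false" would otherwise select "link" and leave a
# stream that was meant to be disabled active.
- name: Enable stream configurations
  ansible.builtin.file:
    src: '../streams-available/{{ item.fqdn }}.conf'
    dest: '/etc/nginx/streams-enabled/{{ item.fqdn }}.conf'
    state: '{{ item.enabled | bool | ternary("link", "absent") }}'
    owner: root
    group: root
  loop: '{{ streams_available }}'
  notify: Reload nginx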
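# Keep ufw in step with the stream list: add an allow rule for the listen
# port of every enabled stream and delete that rule for every disabled one.
# `item.enabled` is cast with `bool` before negation, because a non-empty
# string such as "false" is truthy and would leave the port open for a
# disabled stream.
# NOTE(review): no `proto` is set, so each rule covers both TCP and UDP;
# confirm whether the stream definitions carry a protocol that could narrow it.
- name: Allow connections to enabled streams
  community.general.ufw:
    rule: allow
    to_port: '{{ item.listen_port }}'
    delete: '{{ not (item.enabled | bool) }}'
  loop: '{{ streams_available }}'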
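# Start nginx now and enable the unit so it also starts at boot.
# The boolean is written as `true` rather than `yes`, which is only a boolean
# under YAML 1.1 rules.
- name: Enable nginx
  ansible.builtin.systemd_service:
    name: nginx
    enabled: true
    state: started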