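---
# Installs Nginx mainline from the upstream nginx.org APT repository and lays
# down the shared TLS settings: ssl.conf plus a fixed RFC 7919 DHE group.

# `keyring` stores the key in a dedicated file that only the nginx source entry
# trusts (through signed-by), instead of the global APT trust store.
# NOTE(review): the underlying apt-key tool is deprecated, and nothing here
# checks which key was downloaded. Compare the keyring's fingerprints with the
# ones nginx publishes before trusting the repository.
- name: Add Nginx GPG apt Key
  ansible.builtin.apt_key:
    url: https://nginx.org/keys/nginx_signing.key
    keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
    state: present

# Package signatures are verified against the keyring above. The repository is
# fetched over HTTPS as well, so index and package traffic is not exposed to
# on-path tampering or observation.
# NOTE(review): hosts already configured with the former http:// line may keep
# that entry next to this one; check sources.list.d after the first run.
- name: Add Nginx Mainline Repository
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch={{ deb_architecture }}
      signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg]
      https://nginx.org/packages/mainline/ubuntu
      {{ ansible_distribution_release }} nginx
    state: present
    update_cache: true

# `state: latest` upgrades nginx whenever a newer mainline build is available.
# Use `present` with a pinned version if upgrades must be deliberate.
- name: Install Nginx
  ansible.builtin.apt:
    name: nginx
    state: latest
    update_cache: true
    cache_valid_time: 3600

# Drop the packaged default server block so only managed vhosts are served.
- name: Remove default.conf
  ansible.builtin.file:
    path: /etc/nginx/conf.d/default.conf
    state: absent

- name: Create global config folder
  ansible.builtin.file:
    path: "/etc/nginx/global"
    mode: "0755"
    state: directory

- name: Copy Nginx SSL Config
  ansible.builtin.template:
    dest: /etc/nginx/global/ssl.conf
    src: ssl.conf.j2
    mode: "0644"
  notify: reload nginx

# Pre-defined DHE group, as recommended by IETF RFC 7919.
# NOTE(review): the URL follows the moving `main` branch and no checksum is
# set, so the fetched content is not pinned. Prefer a commit-pinned URL with
# `checksum: "sha256:<FFDHE4096_PEM_SHA256>"` (placeholder), or ship the file
# with the role.
- name: Download pre-defined DHE group
  ansible.builtin.get_url:
    url: https://github.com/internetstandards/dhe_groups/raw/main/ffdhe4096.pem
    dest: "{{ nginx_ssl_dhparam }}"
    # DH parameters are public values, so a world-readable file is fine.
    mode: "0644"
  notify: reload nginx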