- name: Install packages.
  become: true
  tags: nginx
  ansible.builtin.package:
    state: present
    name:
      - nginx
  register: nginx_installed

- name: Backup default nginx config
  become: true
  command: mv /etc/nginx /etc/nginx.orig
  when: nginx_installed.changed == true
  register: nginx_original_config_backup
    
- name: Add ssl-cert group to www-data
  become: true
  command: usermod -a -G ssl-cert www-data
  when: nginx_installed.changed == true
  register: nginx_group_added

- name: Clone h5bp nginx config.
  become: true
  tags: nginx
  ansible.builtin.git:
    repo: https://github.com/h5bp/server-configs-nginx
    dest: /etc/nginx
    depth: 1
  notify: restart nginx
  when: nginx_original_config_backup.changed == true

- name: Copy default fastcgi_params back to h5bp nginx config.
  become: true
  command: cp /etc/nginx.orig/fastcgi_params /etc/nginx
  when: nginx_original_config_backup.changed == true

- name: Copy default snakeoil.conf back to h5bp nginx config.
  become: true
  command: cp /etc/nginx.orig/snippets/snakeoil.conf /etc/nginx
  when: nginx_original_config_backup.changed == true

- name: Remove default nginx directory.
  become: true
  tags: nginx
  ansible.builtin.file:
    path: /etc/nginx.orig
    state: absent
  when: nginx_original_config_backup.changed == true