iiab/roles/nginx/tasks/install.yml

- name: Stop '{{ apache_service }}' systemd service, in case it exists -- REGARDLESS /etc/{{ apache_service }}/ports.conf WILL BE OVERWRITTEN BELOW
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    state: stopped
  ignore_errors: yes
  # 'when: apache_installed is defined' insuff b/c mysql's php (etc) can install apache2

- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
  package:
    name:
      - libnginx-mod-http-subs-filter
      - nginx-extras
      - php{{ php_version }}-fpm    # INSTALLS [0] /etc/apache2/conf-available/php{{ php_version }}-fpm.conf AND DRAGS IN [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
      - uwsgi                   # Admin Console & roles/captiveportal should really install
      - uwsgi-plugin-python3    # these 2 packages on demand (not every IIAB needs these).
    state: present


# 2021-08-07: Legacy from roles/httpd/tasks/install.yml

# - name: 'Create group: admin'
#   group:
#     name: admin

# 2020-10-16: Removed per #2560
# - name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
#   user:
#     name: "{{ apache_user }}"    # www-data or apache, per /opt/iiab/iiab/vars/<OS>.yml
#     groups: shadow

# - name: Add user {{ apache_user }} (from variable apache_user) to groups admin, shadow
#   user:
#     name: "{{ apache_user }}"    # www-data on Debuntu
#     #groups: admin,shadow
#     groups: shadow    # 2020-06-04: shadow nec for Admin Console login (this line had been clobbering user www-data's membership in group shadow, as set earlier by nginx/tasks/install.yml, SEE #2431)
#     createhome: no
#     append: yes


- name: Remove NGINX default config /etc/nginx/sites-enabled/default
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent

- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
    - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
    # - { src: 'apache-ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' }    # 2021-08-09: Moved to pbx role
    # - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!)

- debug:
    msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
# - include_tasks: roles/nginx/tasks/homepage.yml

- name: Restart php{{ php_version }}-fpm systemd service
  systemd:
    name: "php{{ php_version }}-fpm"
    state: restarted


# RECORD NGINX AS INSTALLED

- name: "Set 'nginx_installed: True'"
  set_fact:
    nginx_installed: True

- name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^nginx_installed'
    line: 'nginx_installed: True'