# nginx_proxy_cache role — installs nginx, renders the cache config
# pointed at the MinIO cluster, ensures the systemd unit running.
# Idempotent.
---
- name: Install nginx + curl (curl needed for the smoke test)
  ansible.builtin.apt:
    name:
      - nginx
      - curl
    state: present
    update_cache: true
    cache_valid_time: 3600
  tags: [nginx_cache, packages]

- name: Ensure cache root directory
  ansible.builtin.file:
    path: "{{ nginx_cache_root }}"
    state: directory
    owner: www-data
    group: www-data
    mode: "0755"
  tags: [nginx_cache, config]

- name: Render nginx.conf (top-level)
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
  notify: Reload nginx
  tags: [nginx_cache, config]

- name: Disable the default site
  ansible.builtin.file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: Reload nginx
  tags: [nginx_cache, config]

- name: Render the veza-cache site config
  ansible.builtin.template:
    src: sites/veza-cache.conf.j2
    dest: /etc/nginx/sites-available/veza-cache.conf
    owner: root
    group: root
    mode: "0644"
  notify: Reload nginx
  tags: [nginx_cache, config]

- name: Enable veza-cache site
  ansible.builtin.file:
    src: /etc/nginx/sites-available/veza-cache.conf
    dest: /etc/nginx/sites-enabled/veza-cache.conf
    state: link
    force: true
  notify: Reload nginx
  tags: [nginx_cache, config]

- name: Validate nginx config
  ansible.builtin.command:
    cmd: nginx -t
  changed_when: false
  tags: [nginx_cache, config]

- name: Enable + start nginx
  ansible.builtin.systemd:
    name: nginx
    state: started
    enabled: true
  tags: [nginx_cache, service]