# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: alpha
  become: yes
  vars:
    SITES:
      - search.project-athens.xyz
      - files.leftcoast.space
      - clips.shockrah.xyz
  tasks:
    - name: Install Certbot
      community.general.snap:
        name: certbot
        classic: yes

    - name: Push Configs
      copy:
        src:  "{{item}}"
        dest: "/etc/nginx/sites-available/{{item}}"
      loop: "{{ SITES }}"

    - name: Enable Sites in Nginx
      file: 
        src: "/etc/nginx/sites-available/{{item}}"
        dest: "/etc/nginx/sites-enabled/{{item}}"
        state: link
      loop: "{{ SITES }}"

    - name: Restart Nginx
      service:
        name: nginx
        state: restarted

    - name: Install Certificates for all sites on this host
      command: >
        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
        --domains "{{item}}"
      loop: "{{ SITES }}"