# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: atlas
  become: yes
  vars:
    CERT_EMAIL: "dev@shockrah.xyz"
    SITES:
      - search.project-athens.xyz
      - files.leftcoast.space
      - clips.shockrah.xyz
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: latest

    - name: Install Certbot
      community.general.snap:
        name: certbot
        classic: yes

    - name: Push Configs
      copy:
        src:  "{{ '../nginx-plain-conf/' ~ item }}"
        dest: "{{ '/etc/nginx/sites-available/' ~  item }}"
      loop: "{{ SITES }}"

    - name: Enable Sites in Nginx
      file: 
        src: "/etc/nginx/sites-available/{{item}}"
        dest: "/etc/nginx/sites-enabled/{{item}}"
        state: link
      loop: "{{ SITES }}"

    - name: Restart Nginx
      service:
        name: nginx
        state: restarted

    - name: Install Certificates for all sites on this host
      command: >
        certbot -n --nginx -m "{{ CERT_EMAIL }}" --agree-tos
        --domains "{{item}}"
      loop: "{{ SITES }}"