---
- name: Install NGINX
  apt:
    update_cache: true
    name: nginx
    state: latest
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Install certbot
  apt:
    update_cache: true
    name: 
      - certbot
      - python3-certbot-nginx
    state: latest
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory

- name: Copy snippets
  template:
    src: "nginx/snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
  loop:
    - options-proxypass.conf

- name: Copy reverse proxy sites
  template:
    src: "nginx/sites-available/reverse_proxy"
    dest: "/etc/nginx/sites-available/{{ item.from }}"
  loop: "{{ reverse_proxy_sites }}"

- name: Activate sites
  file:
    src: "/etc/nginx/sites-available/{{ item.from }}"
    dest: "/etc/nginx/sites-enabled/{{ item.from }}"
    state: link
    force: yes
  loop: "{{ reverse_proxy_sites }}"

- name: Stop nginx to let the certbot do its job
  systemd:
    name: nginx
    state: stoped

- name: Generate Certificate for Domains
  shell: certbot certonly --standalone -d {{ item.from }} -m {{ vault_email }}  --noninteractive --redirect
  loop: "{{ reverse_proxy_sites }}"

- name: Start nginx
  systemd:
    name: nginx
    state: started