---
# Almost a copy of the reverse proxy http role.
# There is probably a cleaner way to do this by reusing the
# rp proxy http role.

# Install certbot and its nginx plugin through apt, refreshing the package
# index first. The result is registered so that `until` can re-run the task
# (bounded by `retries: 3`) when apt does not report success.
# NOTE(review): `state: latest` lets every play run pull a newer package
# version; use `present` or a pinned version if reproducible runs matter.
- name: Install certbot
  register: apt_result
  until: apt_result is succeeded
  retries: 3
  apt:
    name: [certbot, python3-certbot-nginx]
    state: latest
    update_cache: true

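# Create /etc/nginx/certs, which the tasks below populate with links to the
# certificate chain and private key.
# Owner, group and mode are stated explicitly so the directory's permissions
# do not depend on the umask of the user running the play.
- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory
    owner: root
    group: root
    mode: "0755"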

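# Request a certificate for matrix_server_name with certbot's standalone
# authenticator, registering vault_email as the contact address. The hooks
# stop nginx before the request and start it again afterwards.
#
# The command is an argv list run through `command` instead of one `shell`
# string: no shell features are used, and this way the templated domain and
# e-mail reach certbot as single arguments and are never parsed by a shell.
# The two hook strings are constants that certbot runs itself.
#
# `creates` skips the task once cert.pem for this domain already exists.
# NOTE(review): `--redirect` is an installer option and looks like a no-op
# with `certonly`; confirm before removing it.
- name: Generate Certificate for Domains
  command:
    argv:
      - certbot
      - certonly
      - '--standalone'
      - '-d'
      - "{{ matrix_server_name }}"
      - '-m'
      - "{{ vault_email }}"
      - '--noninteractive'
      - '--agree-tos'
      - '--redirect'
      - '--pre-hook'
      - 'sudo systemctl stop nginx'
      - '--post-hook'
      - 'sudo systemctl start nginx'
    creates: "/etc/letsencrypt/live/{{ matrix_server_name }}/cert.pem"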

# Make the certificate chain available under /etc/nginx/certs.
# Despite the task name nothing is copied: `state: link` creates a symlink
# to certbot's fullchain.pem, and `force` replaces whatever already sits at
# the destination path.
- name: Copy certificates
  file:
    state: link
    force: true
    dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
    src: "/etc/letsencrypt/live/{{ matrix_server_name }}/fullchain.pem"

# Make the private key available under /etc/nginx/certs.
# Only a symlink is created (`state: link`); the key material stays in
# certbot's privkey.pem, so access to it is still governed by the
# permissions on that target path. `force` replaces an existing entry at
# the destination.
- name: Copy certificates key
  file:
    state: link
    force: true
    dest: "/etc/nginx/certs/{{ matrix_server_name }}.key"
    src: "/etc/letsencrypt/live/{{ matrix_server_name }}/privkey.pem"

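# Render the `reverse_proxy` template to the nginx site definition for
# synapse and notify the "Reload nginx" handler when the file changes.
# Owner, group and mode are stated explicitly so the rendered file's
# permissions do not depend on the umask of the user running the play.
- name: Copy reverse proxy sites
  template:
    src: reverse_proxy
    dest: /etc/nginx/sites-available/synapse
    owner: root
    group: root
    mode: "0644"
  notify: Reload nginx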

# Enable the synapse site by linking its sites-available entry into
# sites-enabled. `force` replaces an existing entry at the destination, and
# the "Reload nginx" handler is notified when the link changes.
- name: Activate sites
  notify: Reload nginx
  file:
    state: link
    force: true
    dest: "/etc/nginx/sites-enabled/synapse"
    src: "/etc/nginx/sites-available/synapse"