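---
# Installs certbot, deploys the nginx reverse-proxy snippets and site
# definitions, obtains a Let's Encrypt certificate for every entry in
# `reverse_proxy_sites`, and links the certificate and key into
# /etc/nginx/certs. `item.from` is used as the site file name, the certificate
# domain and part of several paths.
# NOTE(review): `item.from` should be a plain hostname, since it is
# interpolated into file paths; confirm the inventory guarantees that.

- name: Install certbot
  apt:
    update_cache: true
    name:
      - certbot
      - python3-certbot-nginx
    # `latest` upgrades both packages on every run; pin a version if
    # reproducible deployments matter more than automatic updates.
    state: latest
  register: apt_result
  # Retry to ride out transient apt lock or mirror failures.
  retries: 3
  until: apt_result is succeeded

- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory
    # Explicit ownership and mode so the result does not depend on the umask
    # of the connecting user. The directory only holds symlinks; the key
    # material itself stays under /etc/letsencrypt.
    owner: root
    group: root
    mode: '0755'

- name: Copy snippets
  template:
    src: "nginx/snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - options-proxypass.conf
    - connection_upgrade.conf  # fix some nginx bug
  # A changed snippet only takes effect after nginx re-reads its config.
  notify: Reload nginx

- name: Copy reverse proxy sites
  template:
    src: 'nginx/sites-available/reverse_proxy'
    dest: "/etc/nginx/sites-available/{{ item.from }}"
    owner: root
    group: root
    mode: '0644'
  loop: "{{ reverse_proxy_sites }}"
  notify: Reload nginx

- name: Activate sites
  file:
    src: "/etc/nginx/sites-available/{{ item.from }}"
    dest: "/etc/nginx/sites-enabled/{{ item.from }}"
    state: link
    force: true
  loop: "{{ reverse_proxy_sites }}"
  notify: Reload nginx

# Uses `command` with an argv list instead of `shell`, so the domain and the
# e-mail address are passed to certbot as single arguments and are never
# interpreted by a shell. The two hook strings are still run by certbot itself.
# `creates` skips the task once a certificate exists for the domain.
# NOTE(review): a first-time non-interactive run normally also needs the
# terms of service accepted (`--agree-tos`); confirm whether the ACME account
# is registered elsewhere. `--redirect` is an installer option and is
# presumably ignored by `certonly`.
- name: Generate Certificate for Domains
  command:
    argv:
      - certbot
      - certonly
      - '--standalone'
      - '-d'
      - "{{ item.from }}"
      - '-m'
      - "{{ vault_email }}"
      - '--noninteractive'
      - '--redirect'
      - '--pre-hook'
      - 'sudo systemctl stop nginx'
      - '--post-hook'
      - 'sudo systemctl start nginx'
    creates: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
  loop: "{{ reverse_proxy_sites }}"

# Creates a symlink (nothing is copied), so renewals are picked up without
# re-running this role. The link targets fullchain.pem rather than cert.pem:
# cert.pem holds only the leaf certificate, and a server that does not send
# the intermediate chain fails validation in many clients.
- name: Copy certificates
  file:
    src: "/etc/letsencrypt/live/{{ item.from }}/fullchain.pem"
    dest: "/etc/nginx/certs/{{ item.from }}.crt"
    state: link
    force: true
  loop: "{{ reverse_proxy_sites }}"
  notify: Reload nginx

# Symlink to the private key; the key file keeps the ownership and mode that
# certbot set under /etc/letsencrypt.
- name: Copy certificate keys
  file:
    src: "/etc/letsencrypt/live/{{ item.from }}/privkey.pem"
    dest: "/etc/nginx/certs/{{ item.from }}.key"
    state: link
    force: true
  loop: "{{ reverse_proxy_sites }}"
  notify: Reload nginx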