---
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
# Mastodon instance

- name: Install nginx and letsencrypt
  apt: name={{ item }} state=latest update_cache=yes
  with_items:
     - nginx
     - letsencrypt
- name: Stop nginx for now
  service: name=nginx state=stopped
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
  shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
- name: Remove default nginx config in sites-enabled
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
- name: Copy Mastodon nginx vhost template to sites-available
  template:
    src: mastodon-nginx.conf
    dest: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
- name: Enable Mastodon nginx vhost template
  file:
    src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
    dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
    state: link
- name: Start nginx
  service: name=nginx state=started
- name: Copy and enable Let's Encrypt renew script
  copy:
    src: letsencrypt-renew.sh
    dest: /etc/cron.daily/letsencrypt-renew.sh
    mode: 0700