---
# This role sets up a SSL certificate for our web server and then sets up said
# web server

- name: Make TLS certificate storage directory
  ansible.builtin.file: name=/etc/ssl/letsencrypt/ state=directory
- name: Make sure /opt exists
  ansible.builtin.file: name=/opt state=directory
- name: Clone acme.sh repository
  ansible.builtin.git:
    repo: https://github.com/Neilpang/acme.sh.git
    dest: /opt/acme.sh
- name: Install acme.sh
  ansible.builtin.shell: cd /opt/acme.sh && ./acme.sh --install
- name: Template and copy over our account.conf for acme.sh
  ansible.builtin.template:
    src: account.conf
    dest: /root/.acme.sh/account.conf
- name: Install nginx
  ansible.builtin.apt:
    name: nginx
    state: present
- name: Install socat for standalone mode
  ansible.builtin.apt:
    name: socat
    state: present
- name: Generate certificate using acme.sh
  ansible.builtin.shell: /root/.acme.sh/acme.sh --issue --standalone -d {{ NITTER_DOMAIN }} --pre-hook "service nginx stop"
  ignore_errors: yes
- name: Install certificate in storage directory
  ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt --reloadcmd "service nginx restart"
- name: Remove default nginx config in sites-enabled
  ansible.builtin.file:
    path: /etc/nginx/sites-enabled/default
    state: absent
- name: Copy Nitter nginx vhost template to sites-available
  ansible.builtin.template:
    src: nitter-nginx.conf
    dest: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
- name: Enable Nitter nginx vhost template
  ansible.builtin.file:
    src: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
    dest: /etc/nginx/sites-enabled/{{ NITTER_DOMAIN }}.conf
    state: link
- name: Make sure nginx service is restarted
  ansible.builtin.service:
    name: nginx
    state: restarted