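---
# Installs nginx with pacman, deploys the base and HTTP-only configuration,
# requests a Let's Encrypt certificate through the webroot challenge, then
# installs the HTTPS site configuration.
#
# Variables read by this file: letsencrypt_email, domain_name.
# The "reload nginx" handler is notified here but defined elsewhere.

- name: "Install nginx"
  pacman:
    name: "nginx"
    state: "present"

- name: "Enable and start nginx service"
  service:
    name: "nginx"
    # Real boolean instead of the YAML 1.1 truthy string "yes".
    enabled: true
    state: "started"

# Modes are set explicitly so that the result does not depend on the umask of
# the connecting user. The certbot webroot in particular must stay readable by
# the nginx worker process.
- name: "Create nginx config directory"
  file:
    path: "/etc/nginx/conf.d"
    state: "directory"
    mode: "0755"

- name: "Create nginx vhost directory"
  file:
    path: "/etc/nginx/sites"
    state: "directory"
    mode: "0755"

- name: "Create certbot directory"
  file:
    path: "/usr/share/nginx/letsencrypt"
    state: "directory"
    mode: "0755"

- name: "Copy base nginx.conf"
  template:
    src: "nginx.conf.j2"
    dest: "/etc/nginx/nginx.conf"
    mode: "0644"
  notify: "reload nginx"

# NOTE(review): nginx-http.j2 presumably serves the ACME challenge path from
# /usr/share/nginx/letsencrypt; confirm against the template.
- name: "Install nginx site for letsencrypt requests"
  template:
    src: "nginx-http.j2"
    dest: "/etc/nginx/sites/http"
    mode: "0644"
  notify: "reload nginx"

# Run the pending "reload nginx" handler now, so the HTTP site is loaded
# before certbot performs the webroot challenge.
- name: "Force all notified nginx handlers to enable letsencrypt"
  meta: "flush_handlers"

# command + argv runs certbot without a shell, so shell metacharacters in
# letsencrypt_email or domain_name are passed as literal argument text rather
# than being interpreted. A value beginning with "-" would still be read by
# certbot as an option, so both variables should be validated where they are
# defined. Each variable is passed as exactly one argument: domain_name must
# hold a single domain, which the "creates" path below also assumes.
- name: "Create letsencrypt certificate"
  command:
    argv:
      - "certbot"
      - "certonly"
      - "-n"
      - "--webroot"
      - "-w"
      - "/usr/share/nginx/letsencrypt"
      - "-m"
      - "{{ letsencrypt_email }}"
      - "--agree-tos"
      - "-d"
      - "{{ domain_name }}"
    # Skipped once the live directory exists; renewal is not handled here.
    creates: "/etc/letsencrypt/live/{{ domain_name }}"

# No shell features are needed, so this also runs through command/argv.
- name: "Generate dhparams"
  command:
    argv:
      - "openssl"
      - "dhparam"
      - "-out"
      - "/etc/nginx/dhparams.pem"
      - "2048"
    # Only generated once; an existing file is left untouched.
    creates: "/etc/nginx/dhparams.pem"

# NOTE(review): this src carries a "templates/" prefix while the other
# template tasks do not; the path is kept as written. Confirm that it resolves
# as intended.
- name: "Install nginx site config"
  template:
    src: "templates/nginx-https.j2"
    dest: "/etc/nginx/sites/https"
    mode: "0644"
  notify: "reload nginx"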