- name: Copy first stage nginx config
  copy:
      src: nginx_nossl.conf
      dest: /etc/nginx/nginx.conf

- name: Add nginx user to uwsgi group for access to uwsgi socket
  user:
      name: nginx
      groups: uwsgi
      append: yes

- name: Create subdomain content dirs
  file:
    path: /var/www/{{item}}
    state: directory
    owner: nginx
    group: nginx
    mode: 0550
  loop:
      - git.jaseg.de
      - blog.jaseg.de
      - kochbuch.jaseg.net
#      - tracespace.jaseg.net
#      - openjscad.jaseg.net
      - automation.jaseg.de

- name: Copy uwsgi systemd socket config
  copy:
      src: uwsgi-app@.socket
      dest: /etc/systemd/system/

- name: Copy uwsgi systemd service config
  copy:
      src: uwsgi-app@.service
      dest: /etc/systemd/system/

- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
  selinux:
    state: permissive
    policy: targeted

- name: Enable and launch nginx systemd service
  systemd:
      name: nginx.service
      enabled: yes
      state: restarted

- name: Create subdomain letsencrypt certificates
  command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.de
  args:
      creates: /etc/letsencrypt/live/{{item}}/fullchain.pem
  loop:
      - git.jaseg.net
      - git.jaseg.de
      - blog.jaseg.net
      - blog.jaseg.de
      - automation.jaseg.de
      - dyndns.jaseg.de
      - vcdrender.jaseg.de
#      - kochbuch.jaseg.de
#      - kochbuch.jaseg.net
#      - gerbolyze.jaseg.net
#      - tracespace.jaseg.net
#      - openjscad.jaseg.net
#      - pogojig.jaseg.net

- name: Copy final nginx config
  copy:
      src: nginx.conf
      dest: /etc/nginx/nginx.conf

- name: Restart nginx to load new cert
  systemd:
      name: nginx.service
      state: restarted

- name: Enable certbot renewal timer
  systemd:
      name: certbot-renew.timer
      enabled: yes