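---
# Tasks to be run inside the Nginx proxy container.
#
# Inputs (play variables): nombre, dominio, email.
# The derived fact `container` is used as a host-name label, as a file name
# under /etc/nginx/sites-available and sites-enabled, and as a directory
# name under /var/www.

- set_fact:
    container: '{{ nombre | urlencode | lower | regex_replace("_", "-") }}'

# urlencode leaves '/' and '.' untouched and turns other characters into
# %XX sequences, so on its own it does not confine `container` to a single
# path component or to a valid host name. Stop here, before anything is
# written, instead of failing later at the certificate request.
- name: Check that the container name is a safe host name and path component
  assert:
    that:
      - "container is match('^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$')"
    fail_msg: >-
      Container name '{{ container }}' may only contain lowercase letters,
      digits, dots and hyphens, and must start and end with a letter or digit.

# Explicit mode so the result does not depend on the umask of the run.
- name: Verify Nginx config
  copy:
    src: nginx.conf
    dest: '/etc/nginx/nginx.conf'
    mode: '0644'

- name: Create basic Nginx config for new container
  template:
    src: newsite.conf.j2
    dest: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    mode: '0644'

- name: Enable Nginx config for new container
  file:
    state: link
    src: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    dest: '/etc/nginx/sites-enabled/{{ container }}.{{ dominio }}'

- name: Create folder for Let's Encrypt files
  file:
    path: '/var/www/{{ container }}'
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'

# A restart with a broken configuration stops the proxy for every site it
# serves; testing first leaves the running instance untouched on failure.
- name: Check Nginx configuration before restarting
  command:
    argv:
      - nginx
      - '-t'
  changed_when: false

- name: Restart Nginx
  systemd:
    name: nginx
    state: restarted

# NOTE(review): state: latest upgrades certbot on every run; pin a version
# or use state: present if runs need to be reproducible.
- name: Install Let's Encrypt certbot
  apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: latest

# argv passes each value as exactly one argument, so whitespace inside
# `email` or `dominio` cannot be split into additional certbot options.
- name: Request Let's Encrypt certificate
  command:
    argv:
      - certbot
      - '--redirect'
      - '--agree-tos'
      - '-m'
      - '{{ email }}'
      - '--hsts'
      - '--nginx'
      - '-n'
      - '-d'
      - '{{ container }}.{{ dominio }}'

# Certbot doesn't add proxy_protocol.
# (https://github.com/certbot/certbot/issues/8057)
#
# With proxy_protocol on the listener, nginx reads the client address from
# the PROXY protocol header sent by the peer.
# NOTE(review): nginx.conf is not visible here; confirm that port 443 is
# reachable only from the fronting proxy and that any set_real_ip_from
# entry lists only that proxy, otherwise the logged client address can be
# chosen by the client.
# NOTE(review): both regexps are anchored on a single leading space; confirm
# this matches the indentation of the listen lines in the generated file.
- name: Use Proxy protocol in port 443
  lineinfile:
    path: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    line: ' listen 443 ssl proxy_protocol;'
    regexp: '^ listen 443'

# The IPv6 prefix is matched literally rather than with five wildcards, so
# only the '[::]:443' listener can be rewritten by this task.
- name: Use Proxy protocol in port 443 IPv6
  lineinfile:
    path: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    line: ' listen [::]:443 ssl proxy_protocol;'
    regexp: '^ listen \[::\]:443'

- name: Check Nginx configuration before restarting again
  command:
    argv:
      - nginx
      - '-t'
  changed_when: false

- name: Restart Nginx again
  systemd:
    name: nginx
    state: restarted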