# Per-distribution facts used by later tasks: the account that owns the web
# root and the path of nginx's default site file.
# NOTE(review): on a host that is neither Alpine nor Debian both facts stay
# undefined and the tasks that template them will fail.
- name: Set configuration parameters for Alpine
  set_fact:
    nginx_default_site: '/etc/nginx/http.d/default.conf'
    nginx_user: 'nginx'
  when: ansible_os_family == 'Alpine'

# Debian counterpart of the Alpine facts: same two variables, Debian values.
- name: Set configuration parameters for Debian
  set_fact:
    nginx_default_site: '/etc/nginx/sites-available/default'
    nginx_user: 'www-data'
  when: ansible_os_family == 'Debian'

# Web server plus the ACME client, installed through the distribution's
# package manager.
- name: Install packages
  package:
    # Spelled out for readers; the original relied on the backend's default.
    state: present
    name: [certbot, nginx]

# Directory tree under /srv/http, the web root later handed to certbot
# (--webroot-path /srv/http).
# NOTE(review): recurse re-applies this owner/group to everything already
# under .well-known on each run, and no mode is given, so permissions follow
# the remote defaults. Confirm the web server account needs ownership here
# rather than read-only access.
- name: Create HTTP server directories
  file:
    state: directory
    path: '/srv/http/.well-known'
    owner: '{{ nginx_user }}'
    group: '{{ nginx_user }}'
    recurse: true

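# Replace the distribution's default site with the role's default.conf and
# queue an nginx reload so the new site takes effect.
- name: Set up default HTTP server
  copy:
    src: default.conf
    dest: "{{ nginx_default_site }}"
    # Pin ownership and permissions instead of inheriting the remote umask:
    # the file is read by nginx and should only be writable by root.
    owner: root
    group: root
    mode: "0644"
  notify: reload nginx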

# Make sure nginx is running now and is started again at boot.
- name: Enable nginx service
  service:
    name: 'nginx'
    state: started
    enabled: true

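# Run the pending "reload nginx" handler now instead of at the end of the
# play, so the site copied above is live before certbot is invoked.
# NOTE(review): presumably default.conf serves /srv/http/.well-known, which
# the webroot challenge below depends on. Confirm against the file.
- name: Apply pending nginx reload before requesting the certificate
  meta: flush_handlers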

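# Request the initial certificate with certbot's webroot plugin, covering
# dns_name plus any optional tls_domains.
# argv hands every argument to certbot as-is, so whitespace inside dns_name
# or tls_domains can no longer be re-split into additional options, and the
# command no longer depends on how a folded scalar keeps its line breaks.
# `creates` makes this one-shot: once the renewal config for dns_name exists
# the task is skipped, so later changes to tls_domains are not applied here.
# NOTE(review): --register-unsafely-without-email registers the ACME account
# with no contact address, so expiry and revocation notices cannot be
# delivered. Consider supplying an address instead.
- name: Get LE certificate
  command:
    argv:
      - certbot
      - certonly
      - '--non-interactive'
      - '--agree-tos'
      - '--register-unsafely-without-email'
      - '--webroot'
      - '--webroot-path'
      - /srv/http
      - '-d'
      - "{{ ([dns_name] + tls_domains|default([])) | join(',') }}"
    creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'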

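# Install the script into certbot's deploy-hook directory.
# The cron job in this file runs `certbot renew` as root, so the hook is
# pinned to root ownership and must not be writable by any other account.
- name: Install certificate renewal deployment hook
  copy:
    dest: /etc/letsencrypt/renewal-hooks/deploy/
    src: reload-nginx.sh
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string, whatever YAML
    # version the parser implements.
    mode: "0755"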

# Root crontab entry that attempts renewal twice a day, at 02:18 and 14:18.
# NOTE(review): distribution certbot packages may already ship their own
# renewal timer or cron entry. Check the target hosts to avoid running
# renewals twice.
- name: Enable certbot renewal
  cron:
    name: 'certbot renew'
    user: root
    minute: '18'
    hour: '2,14'
    job: 'certbot renew --quiet'