---

- name: Set up Lets Encrypt
  hosts: ramble-hard
  vars_files:
    - ../vars.private
  tasks:

  - apt:
      update_cache: yes

  - package:
      name:
      - certbot
      - nginx

  - service:
      name: nginx
      state: stopped

  - command: >
      certbot certonly --standalone --preferred-challenges http
      -n --agree-tos -m {{ lets_encrypt.email }}
      -d {{ tld }}
    vars:
      tld: "{{ item.value['subdomain'] | default(item.key) }}.{{ domain }}"
    loop: "{{ apps | dict2items }}"

  - service:
      name: nginx
      state: started

  - template:
      src: renew-certs
      dest: /etc/cron.daily/renew-certs
      mode: +x

# - name: Set up nginx proxies
#   hosts: ramble-hard
#   vars_files:
#     - ../vars.private
#   tasks:

#   - template:
#       src: nginx.conf
#       dest: /etc/nginx/sites-available/{{ item.key }}.conf
#     vars:
#       server_name: "{{ item.value['subdomain'] | default(item.key) }}.{{ domain }}"
#       port: "{{ item.value['port'] }}"
#     loop: "{{ apps | dict2items }}"
#     notify: Restart nginx

#   - file:
#       src: /etc/nginx/sites-available/{{ item.key }}.conf
#       dest: /etc/nginx/sites-enabled/{{ item.key }}.conf
#       state: link
#     loop: "{{ apps | dict2items }}"
#     notify: Restart nginx

  # handlers:

  #   - name: Restart nginx
  #     service:
  #       name: nginx
  #       state: restarted