- hosts: all
  become: yes
  tasks:
  - name: install nginx
    apt:
      name: nginx

  - name: install certbot
    block:
    - apt_repository:
        repo: ppa:certbot/certbot
        state: present
        filename: certbot
    - apt:
        name: python-certbot-nginx
        update_cache: yes

  - name: setup nginx
    copy:
      src: nginx.conf
      dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
    notify:
    - reload nginx

  - name: obtain the certificate
    command: >-
      certbot --nginx
      -d irregular-apocalypse.kejadlen.dev
      -m alpha+lets.encrypt@kejadlen.dev
      --agree-tos
      --non-interactive
    args:
      creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
    notify:
    - reload nginx

  - name: automatically renew certs
    cron:
      name: renew certs
      minute: 0
      hour: 12
      job: /usr/bin/certbot renew --quiet

  handlers:

  - name: reload nginx
    block:
    - command: nginx -t
    - command: nginx -s reload