- hosts: all
  become: yes
  tasks:
  - name: install nginx
    apt:
      name: nginx

  - name: install certbot
    block:
    - apt_repository:
        repo: ppa:certbot/certbot
        state: present
        filename: certbot
    - apt:
        name: python-certbot-nginx
        update_cache: yes

  - name: nginx conf files
    copy:
      src: nginx.conf
      dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
    notify: reload nginx

  - name: obtain ssl certificates
    command: >-
      certbot --nginx
      -d {{ item }}
      -m alpha+lets.encrypt@kejadlen.dev
      --agree-tos
      --non-interactive
    args:
      creates: /etc/letsencrypt/live/{{ item }}
    with_items:
      - irregular-apocalypse.kejadlen.dev
      - dev.irregular-apocalypse.kejadlen.dev
    notify: reload nginx

  - name: automatically renew certs
    cron:
      name: renew certs
      minute: "0"
      hour: "12"
      job: /usr/bin/certbot renew --quiet

  handlers:

  - name: reload nginx
    shell: nginx -t && nginx -s reload