---
- name: Install nginx
  ansible.builtin.apt:
    name: nginx
    state: present
  become: true
- name: Copy snippets
  ansible.builtin.copy:
    src: "{{ server_config_dir }}/nginx/snippets/"
    dest: "/etc/nginx/snippets/"
    owner: root
    group: root
    mode: "0644"
  become: true
- name: Install dhparam
  ansible.builtin.copy:
    src: "{{ server_config_dir }}/nginx/dhparam"
    dest: "/etc/nginx/dhparam"
    owner: root
    group: root
    mode: "0644"
  become: true
- name: Change default config
  ansible.builtin.copy:
    src: "{{ server_config_dir }}/nginx/configs/default"
    dest: "/etc/nginx/sites-available/default"
    owner: root
    group: root
    mode: "0644"
  become: true
- name: Install bogus certificate + group (snakeoil tls)
  ansible.builtin.apt:
    name: ssl-cert
    state: present
  become: true
- name: Enable + Restart nginx
  ansible.builtin.service:
    name: nginx
    state: reloaded
    enabled: true
  become: true
- name: Make sure acme.sh is installed
  ansible.builtin.include_tasks:
    file: "{{ ansible_repo_dir }}/web/tasks/install_acme_sh.yml"
- name: Issue certificate for domains
  ansible.builtin.include_tasks:
    file: "{{ ansible_repo_dir }}/web/tasks/issue_cert.yml"
- name: Set up nginx config
  ansible.builtin.include_tasks:
    file: "{{ ansible_repo_dir }}/web/tasks/set_up_nginx_config.yml"