---
- name: Setup website
  hosts: raspberry
  gather_facts: false
  tasks:
     - name: Install packages
       become: true
       tags:
       - slow
       apt:
         pkg:
         - nginx
         - certbot
         - python3-certbot-nginx

     - name: Copy nginx configuration
       become: true
       copy:
         src: ./files/nginx/website
         dest: /etc/nginx/sites-available

     - name: Enable website
       become: true
       command: "ln -sf /etc/nginx/sites-available/website /etc/nginx/sites-enabled"

     - name: Install SSL certificate
       become: true
       shell: "certbot --nginx --non-interactive --agree-tos -m eugene@eug-vs.xyz -d eug-vs.xyz -d www.eug-vs.xyz"

     - name: Setup auto-renewing certificates
       become: true
       cron:
         name: "Auto-renew certificates"
         minute: "0"
         hour: "12"
         job: "/usr/bin/certbot renew --quiet"

     - name: Allow user to write to website location
       become: true
       shell: |
         mkdir -p /var/www/website
         chown -R eug-vs:eug-vs /var/www/website

     - name: Restart and enable nginx
       become: true
       systemd:
         name: nginx
         enabled: yes
         state: restarted