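---
# Tasks (all tagged `ssl`) that request a certificate with certbot's
# webroot plugin and then enable the nginx HTTPS site for ci_server_name.
# Order matters: the HTTPS site is disabled first, and re-enabled only
# after the certificate directory is confirmed to exist.

# Remove the enabled HTTPS site so nginx can restart without it.
# Presumably this keeps nginx from loading a vhost whose certificate does
# not exist yet -- confirm against the site template.
# NOTE(review): once the link exists, every run tagged `ssl` removes and
# re-creates it, so these tasks always report "changed" and restart nginx.
- name: flush existing nginx https enabled sites
  become: true
  file:
    path: "/etc/nginx/sites-enabled/{{ item }}"
    state: absent
  with_items:
    - "{{ ci_server_name }}.https.conf"
  notify: restart_nginx
  tags: ssl

# Run the notified handler now, before certbot is invoked, instead of at
# the end of the play.
- meta: flush_handlers
  tags: ssl

# Generate 2048-bit DH parameters once; `creates` skips the task when the
# file is already present, so an existing file is never regenerated.
# NOTE(review): -dsaparam yields DSA-style parameters, not safe primes.
# OpenSSL's documentation requires a fresh DH key per use with such
# parameters to avoid small-subgroup attacks. Confirm the deployed
# nginx/OpenSSL does that, or drop -dsaparam (slower, one-off) and delete
# the old file so it is rebuilt.
- name: generate openssl dhparam for nginx
  become: true
  command:
    argv:
      - openssl
      - dhparam
      - -dsaparam
      - -out
      - /etc/ssl/certs/dhparam.pem
      - "2048"
    creates: /etc/ssl/certs/dhparam.pem
  tags: ssl

# Request the certificate via the webroot challenge served from /srv/http.
# argv passes each templated value as exactly one argument, so whitespace
# or a leading dash inside a variable cannot add or split options.
# --non-interactive makes certbot fail instead of waiting on a prompt.
- name: create ssl certificate for ci server
  become: true
  command:
    argv:
      - certbot
      - certonly
      - --non-interactive
      - --webroot
      - --webroot-path=/srv/http
      - -m
      - "{{ ci_server_email }}"
      - --agree-tos
      - -d
      - "{{ ci_server_name }}"
    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
  tags: ssl

# Record whether the certificate directory exists; the final task uses
# this result to decide whether the HTTPS site may be enabled.
- name: check if certbot certificate was created
  become: true
  stat:
    path: "/etc/letsencrypt/live/{{ ci_server_name }}"
  register: stat_result
  tags: ssl

# Render the HTTPS site configuration. The mode is quoted so the YAML
# parser cannot reinterpret the leading-zero number.
- name: template nginx https sites-available
  become: true
  template:
    src: "templates/nginx/sites/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
    mode: "0644"
  with_items:
    - "{{ ci_server_name }}.https.conf"
  tags: ssl

# Link the site into sites-enabled only when the certificate directory
# exists, then notify the nginx restart handler.
- name: enable desired nginx https sites
  become: true
  file:
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    state: link
  with_items:
    - "{{ ci_server_name }}.https.conf"
  notify: restart_nginx
  when: stat_result.stat.exists
  tags: ssl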