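---
# Installs Nginx on an Alpine host (apk), generates an RSA key, a CSR and a
# self-signed certificate for the Pleroma host name, deploys the Pleroma
# vhost configuration, and makes sure the Nginx service is enabled and running.
#
# py-cryptography is needed for self-signed certificates
# we could probably do away with certbot.
- name: Nginx -- Ensuring Nginx dependencies are installed.
  apk:
    # Explicit YAML list instead of a comma-separated string.
    name:
      - nginx
      - certbot
      - py-cryptography
    state: present

- name: Nginx -- Ensuring that the ssl folder exists
  file:
    name: "{{ pleroma_ssl_folder }}"
    state: directory
    # Only root may list or enter the directory.
    owner: root
    group: root
    mode: '0700'

- name: Nginx -- Ensuring that the ssl private key is generated.
  openssl_privatekey:
    path: "{{ pleroma_ssl_privateKeyPath }}"
    type: RSA
    size: 4096
    state: present
    # No passphrase is set, so the key is stored unencrypted; the root-only
    # read permission below is its only protection on disk.
    owner: root
    group: root
    mode: '0400'

- name: Nginx -- Ensuring that the certificate signing request is generated.
  openssl_csr:
    path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    # NOTE(review): only common_name is set and no subject_alt_name is given.
    # Clients that match host names against SAN entries only will reject the
    # resulting certificate; consider adding subject_alt_name if
    # pleroma_config_host is a DNS name.
    common_name: "{{ pleroma_config_host }}"
    owner: root
    group: root
    mode: '0400'

- name: Nginx -- Ensuring the self-signed certificate is generated.
  openssl_certificate:
    path: "{{ pleroma_ssl_selfSignedCertPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    csr_path: "{{ pleroma_ssl_csrPath }}"
    # Self-signed: clients cannot chain this to a trusted CA. certbot is
    # installed above, but no task in this file uses it.
    provider: selfsigned
    # Ownership and mode are pinned like every other file in this play rather
    # than left to the umask. The certificate is public material, so it is
    # world-readable but writable by root only.
    owner: root
    group: root
    mode: '0644'

- name: Nginx -- Ensuring the Nginx configuration is present.
  # NOTE(review): no handler is notified here and the service task below only
  # asserts "started", so an already running Nginx does not pick up a changed
  # configuration unless something outside this file reloads it.
  template:
    src: etc_ngnix_confd_pleroma.conf.j2
    dest: /etc/nginx/conf.d/pleroma.conf
    owner: root
    group: root
    mode: '0400'

- name: Nginx -- Ensuring that Nginx is enabled and started.
  service:
    name: nginx
    # Canonical boolean instead of the YAML 1.1 truthy "yes".
    enabled: true
    state: started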