---

- name: Install nginx
  become: true
  apt:
    name: [ nginx, certbot, python3-certbot-nginx ]
    state: present

- name: Place temporary nginx config
  become: true
  template:
    src: templates/nginx.j2
    dest: /etc/nginx/sites-available/joystreamstats

- name: Link nginx config
  become: true
  file:
    src: /etc/nginx/sites-available/joystreamstats
    path: /etc/nginx/sites-enabled/joystreamstats
    state: link

- name: Remove default nginx config
  become: true
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent

- name: Extract letsencrypt account
  become: true
  unarchive:
    creates: /etc/letsencrypt/account
    #remote_src: false
    src: templates/letsencrypt.tar.xz
    dest: /
    owner: root
    group: root
    mode: '0700'

- name: Run certbot
  become: true
  shell: certbot certonly --nginx -n -d "{{ inventory_hostname }}.api.joystreamstats.live"
  args:
    creates: /etc/letsencrypt/live/{{ inventory_hostname }}.api.joystreamstats.live
  # https://certbot.eff.org/lets-encrypt/debianbuster-nginx

- name: Place SSL-enabled nginx config
  become: true
  template:
    src: templates/nginx-ssl.j2
    dest: /etc/nginx/sites-available/joystreamstats

- name: Reload nginx service
  become: true
  systemd:
    name: nginx
    state: reloaded
    enabled: true    

- name: Update joystream-node service file
  become: true
  template:
    src: templates/joystream-node.service.j2
    dest: /etc/systemd/system/joystream-node.service

- name: Update systemd daemon
  become: true
  shell: systemctl daemon-reload

- name: Restart joystream service
  become: true
  systemd:
    name: joystream-node
    state: restarted
    enabled: true    

- name: Update hostname
  become: yes
  shell: hostname {{ inventory_hostname }}.api.joystreamstats.live

- name: Overwrite hostname file
  become: yes
  shell: echo {{ inventory_hostname }}.api.joystreamstats.live > /etc/hostname