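---
# Provisions an nginx host: installs nginx and the certbot packages, creates
# the account nginx runs as, authorizes the deploy key for that account, and
# prepares the Let's Encrypt webroot and DH parameters.

- name: install
  apt:
    name:
      - nginx
      - letsencrypt
      - python3-certbot-nginx
    state: present
    # Canonical boolean; `yes` is a YAML 1.1 truthy value.
    update_cache: true

# The group is not created by any task in this list; presumably it already
# exists or is created elsewhere (verify, the user module fails otherwise).
- name: create web user
  user:
    name: "{{ www_user }}"
    group: "{{ www_group }}"
    comment: "Web user"
    # NOTE(review): this account gets an interactive login shell and is also
    # the identity the nginx processes run as (see the `user` directive task
    # below). Confirm the deploy workflow really needs a shell.
    shell: /bin/bash
    home: "{{ www_home }}"
    system: true
    state: present

# NOTE(review): the deploy key is authorized for the same account that serves
# web traffic, so SSH access and the web server share one privilege boundary.
# A separate deploy account, or restrictions through the module's
# `key_options` parameter, would keep them apart. The relative path is taken
# as written; it is not visible here what it is resolved against.
- name: authorize deployer ssh key to wwwuser
  authorized_key:
    user: "{{ www_user }}"
    state: present
    key: "{{ lookup('file', '../../../deploy.pub') }}"

# Rewrites the existing `user ...;` directive so nginx runs as the web user.
# Nothing is changed when the file has no line matching the pattern.
- name: define wwwuser as nginx's user
  replace:
    path: /etc/nginx/nginx.conf
    regexp: '^user (.+);$'
    replace: "user {{ www_user }};"

# Runs on every play, whether or not nginx.conf changed. A handler notified by
# the task above would avoid needless restarts; no handlers are visible in
# this file, so the unconditional restart is kept.
- name: restart nginx
  service:
    name: nginx
    state: restarted

- name: create letsencrypt's challenge directory
  file:
    name: /var/www/letsencrypt
    state: directory
    # Explicit mode so the result does not depend on the remote umask;
    # readable and traversable by the nginx user, writable only by the owner.
    mode: "0755"

# `command` instead of `shell`: the command line uses no shell features, so it
# does not need to pass through a shell. `creates` skips the slow generation
# when the file already exists.
- name: generate letsencrypt's dhparams
  command: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
  args:
    creates: /etc/letsencrypt/ssl-dhparams.pem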