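# Let's Encrypt tasks: each one runs only when the `letsencrypt` variable is
# truthy.
- name: install certbot
  apt:
    name: certbot
    default_release: "{{ certbot_debian_release }}"
  when: letsencrypt

# The domain lists are rebuilt on every run: they are removed here and
# re-created by the "create lists of domains" task below.
- name: "empty default list of domains for Let's Encrypt"
  file:
    path: /etc/letsencrypt/static_sites.list
    state: absent
  when: letsencrypt

# Entries of static_sites can carry an `htpasswd` value (see the htpasswd task
# in this file). The label keeps the full item, and with it the password
# hashes, out of the default per-item task output.
- name: "empty lists of domains for Let's Encrypt"
  file:
    path: "/etc/letsencrypt/{{ item.letsencrypt_cert }}.list"
    state: absent
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"
  when: letsencrypt and item.letsencrypt_cert is defined

# Appends "<domain> <alias>" to the list for the site's certificate and creates
# the per-domain webroot for the ACME challenge.
# Every templated value passes through the `quote` filter before it reaches the
# shell, so a domain or alias containing quotes, `$` or backticks is treated as
# data and never as shell syntax.
# The per-site opt-in is a `when` condition, so no shell runs at all for sites
# that have not set `letsencrypt`.
# NOTE(review): `| bool` also accepts string values such as "true"; the
# previous in-shell test matched only a real boolean. Confirm no inventory
# relies on the difference.
- name: "create lists of domains for static sites to get Let's Encrypt certs for"
  shell: |
    list={{ ('/etc/letsencrypt/' ~ item.letsencrypt_cert | default('static_sites') ~ '.list') | quote }}
    wellknown={{ ('/srv/letsencrypt/' ~ item.domain) | quote }}
    entry={{ (item.domain ~ ' ' ~ item.alias | default('')) | quote }}
    printf '%s\n' "$entry" >> "$list"
    mkdir -p "$wellknown/acme-challenge"
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"
  when: letsencrypt and (item.letsencrypt | default(false) | bool)

# Root-owned and not writable by anyone else: the script is run as root both
# by the next task and by the cron entry below.
- name: install script to run certbot
  template:
    src: deploy_static_site_certs
    dest: /usr/local/sbin/deploy_static_site_certs
    owner: root
    group: root
    mode: "0755"
  when: letsencrypt

# No shell features are needed, so `command` is used instead of `shell`.
# Runs on every playbook run and always reports "changed".
- name: "get initial certificate from Let's Encrypt"
  command: /usr/local/sbin/deploy_static_site_certs
  when: letsencrypt

# Daily renewal at midnight, run as root.
# NOTE(review): no task visible here installs `chronic` (moreutils on Debian).
# Confirm it is provided elsewhere; without it the cron job fails and
# certificates stop renewing.
- name: "run deploy_static_site_certs from cron"
  copy:
    content: |
      0 0 * * * root chronic /usr/local/sbin/deploy_static_site_certs
    dest: /etc/cron.d/deploy_static_site_certs
    owner: root
    group: root
    mode: "0644"
  when: letsencrypt

- name: install apache and related packages
  apt:
    name:
      - rsync
      - apache2

# This may fail if the TLS cert isn't installed by a previous playbook
# run, since it restarts Apache.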
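- name: enable apache modules for ssl
  apache2_module:
    state: present
    name: "{{ item }}"
  with_items:
    - ssl
    - rewrite

# Entries of static_sites can carry an `htpasswd` value (see the last task).
# The label on each loop keeps the full item, and with it the password hashes,
# out of the default per-item task output.
- name: create dirs for static site contents
  file:
    state: directory
    path: "/srv/http/{{ item.domain }}"
    owner: "{{ item.owner }}"
    group: "{{ item.owner }}"
    mode: "0755"
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"

# NOTE(review): these log directories are owned and writable by www-data.
# Apache's security guidance advises that log directories be writable only by
# the user that starts the server (normally root), because httpd opens log
# files before dropping privileges. Confirm whether virtualhost.conf.tmpl
# needs www-data ownership here; if not, root ownership is the safer choice.
- name: create log dirs for websites
  file:
    state: directory
    path: "/var/log/apache2/{{ item.domain }}"
    owner: www-data
    group: www-data
    mode: "0755"
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"

- name: configure apache to serve static sites
  template:
    src: virtualhost.conf.tmpl
    dest: "/etc/apache2/sites-available/{{ item.domain }}.conf"
    owner: root
    group: root
    mode: "0644"
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"

# `command` with the `quote` filter replaces `shell`, so the domain is passed
# to a2ensite as a single argument and never interpreted by a shell.
# This task always reports "changed", so the restart handler is notified on
# every run; that is also the only thing here that picks up changes to the
# virtual host template.
- name: enable apache sites
  command: "a2ensite {{ item.domain | quote }}"
  with_items: "{{ static_sites }}"
  loop_control:
    label: "{{ item.domain }}"
  notify:
    - restart apache

# Ownership and mode are set explicitly so the result does not depend on the
# umask or on the attributes of a pre-existing file.
# NOTE(review): nothing visible here enables this conf (a2enconf); presumably
# it is already enabled by the distribution default. Confirm.
- name: set default charset to utf8
  copy:
    content: |
      AddDefaultCharset UTF-8
    dest: /etc/apache2/conf-available/charset.conf
    owner: root
    group: root
    mode: "0644"

# Password hashes must not be world-readable: the file is root-owned, readable
# by the web server's group only, and sits beside the site's document root
# rather than inside it.
# Assumes Apache runs as www-data, as the log directory task implies. Confirm
# before deploying.
# no_log keeps the hashes out of task output and logs at every verbosity.
- name: "install htpasswd files"
  copy:
    content: "{{ item.htpasswd }}"
    dest: "/srv/http/{{ item.domain }}.htpasswd"
    owner: root
    group: www-data
    mode: "0640"
  with_items: "{{ static_sites }}"
  no_log: true
  when: item.htpasswd is defined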