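---
# Provisions a private root CA and a wildcard certificate for
# "*.{{ base_domain }}", trusts the CA on the host, and runs nginx in Docker
# with the certificate bind-mounted.
#
# Security notes:
# - rootca.key is the trust root for this host (it is installed below with
#   `trust anchor`): anyone able to read it can mint certificates the host
#   will accept for any name. Both private keys are therefore kept at 0600
#   (the previous "copy certificates" task left the wildcard key at 0755).
# - Keys are generated unencrypted (-nodes) so nginx can start unattended;
#   protect "{{ data_folder }}/nginx" accordingly.
# - The openssl invocations are written as folded scalars without backslash
#   continuations; the `command` module splits its argument string itself and
#   a literal "\" in that string is not a shell line continuation.

- name: ensure directories exist
  # The openssl tasks below write into {{ data_folder }}/nginx, so it must
  # exist before they run.
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ nginx_confd_folder }}"
    - "{{ data_folder }}/nginx"

- name: generate root ca
  # `creates` must name the real output file. A bare relative glob is resolved
  # against the remote working directory, not the output directory, so the
  # CA (and its key) could be regenerated on every run - invalidating every
  # certificate it had already signed and the copy installed in the trust
  # store.
  command:
    cmd: >-
      openssl req -x509 -new -nodes -newkey rsa:2048
      -keyout "{{ data_folder }}/nginx/rootca.key"
      -out "{{ data_folder }}/nginx/rootca.pem"
      -sha256 -days 3650
      -subj "/C=CZ/L=Prague/CN=Homelab/emailAddress={{ admin_email }}"
    creates: "{{ data_folder }}/nginx/rootca.pem"

- name: generate wildcard csr
  # A subjectAltName is required: browsers no longer fall back to the CN, so a
  # certificate without a SAN is rejected. -addext needs OpenSSL >= 1.1.1.
  # The apex name is included so https://{{ base_domain }} is covered too.
  command:
    cmd: >-
      openssl req -new -nodes -newkey rsa:2048
      -keyout "{{ data_folder }}/nginx/{{ base_domain }}.key"
      -out "{{ data_folder }}/nginx/{{ base_domain }}.csr"
      -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
      -addext "subjectAltName=DNS:*.{{ base_domain }},DNS:{{ base_domain }}"
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.key"

- name: sign wildcard csr with root ca
  # -copy_extensions copy (OpenSSL >= 3.0) carries the SAN from the CSR into
  # the issued certificate; without it `x509 -req` drops all CSR extensions.
  # NOTE(review): a 10-year leaf certificate is accepted by most clients for a
  # private CA, but Apple platforms reject TLS server certificates valid for
  # more than 825 days - shorten `-days` here if iOS/macOS clients are in use.
  command:
    cmd: >-
      openssl x509 -req
      -in "{{ data_folder }}/nginx/{{ base_domain }}.csr"
      -CA "{{ data_folder }}/nginx/rootca.pem"
      -CAkey "{{ data_folder }}/nginx/rootca.key"
      -CAcreateserial
      -copy_extensions copy
      -out "{{ data_folder }}/nginx/{{ base_domain }}.crt"
      -days 3650 -sha256
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.crt"

- name: restrict private key permissions
  # openssl writes keys with the caller's umask (typically 0644). Only the
  # owner ever needs them; nginx inside the container runs as root and is not
  # affected by the mode.
  file:
    path: "{{ item }}"
    mode: '0600'
  loop:
    - "{{ data_folder }}/nginx/rootca.key"
    - "{{ data_folder }}/nginx/{{ base_domain }}.key"

- name: install root ca
  # p11-kit `trust anchor`; the `creates` path is the p11-kit extraction
  # directory used on Arch-style systems, which is where the "Homelab" CN
  # lands after extraction.
  command:
    cmd: trust anchor "{{ data_folder }}/nginx/rootca.pem"
    creates: /etc/ca-certificates/extracted/cadir/Homelab*
  become: true

- name: copy .conf file
  # A config file needs no execute bit.
  template:
    src: nginx.conf.j2
    dest: "{{ data_folder }}/nginx/nginx.conf"
    mode: '0644'

- name: create nginx bridge network
  # NOTE(review): Docker does not forward published host ports into an
  # `internal: true` network. If 80/443 turn out to be unreachable from the
  # outside, attach nginx to an additional non-internal network and keep this
  # one for backend-only traffic.
  docker_network:
    name: nginx-internal
    attachable: true
    internal: true
    state: present

- name: run container
  # Config and certificate material are mounted read-only: nginx only reads
  # them, so a compromised container cannot rewrite them.
  # NOTE(review): `image: nginx` floats to whatever :latest resolves to at
  # pull time; pin a tag or digest for a reproducible, reviewable deployment.
  # `restart: true` force-restarts the container on every play run so a
  # changed nginx.conf or certificate is picked up.
  docker_container:
    name: 'nginx'
    image: nginx
    networks:
      - name: nginx-internal
    volumes:
      - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
      - "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key:ro"
      - "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt:ro"
      - "{{ nginx_confd_folder }}:/etc/nginx/conf.d:ro"
    ports:
      - "80:80"
      - "443:443"
    env:
      NGINX_HOST: "{{ base_domain }}"
      NGINX_PORT: '80'
    state: started
    restart: true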