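---
# If self_signed = true, in nginx/files: generate root CA (if regenereate_root_ca = true),
# and sign a wildcard certificate. Copy certificates to /etc/ssl/.

# Host-side layout that is bind-mounted into the nginx container below.
# NOTE(review): these directories are world-traversable (0755) and the TLS
# private key is mounted from "{{ data_folder }}/nginx" further down; confirm
# that whatever writes the key (self-signed.yml is not shown here) gives it a
# restrictive mode such as 0600.
- name: ensure directories exist
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ data_folder }}/nginx"
    - "{{ data_folder }}/nginx/conf.d"
    - "{{ data_folder }}/nginx/sites-enabled"
    - "{{ data_folder }}/nginx/sites-available"
    - "{{ data_folder }}/nginx/snippets"

# `| bool` makes a string value passed on the command line
# (-e self_signed=false) evaluate as false instead of as a non-empty string.
- name: generate self-signed certs
  import_tasks: self-signed.yml
  when: self_signed | bool

# internal: true creates the network without external connectivity; the nginx
# container is additionally attached to the default bridge below.
- name: create nginx bridge network
  docker_network:
    name: nginx-internal
    attachable: true
    internal: true
    state: present

# Configuration files are data, not programs: 0644 instead of 0755.
- name: copy nginx.conf
  template:
    src: nginx.conf.j2
    dest: "{{ data_folder }}/nginx/nginx.conf"
    mode: '0644'

# Renders every snippet template and drops the trailing .j2 from its name.
- name: copy snippets
  template:
    src: "{{ item }}"
    dest: "{{ data_folder }}/nginx/snippets/{{ item | basename | regex_replace('.j2$', '') }}"
    mode: '0644'
  with_fileglob:
    - "../templates/snippets/*.conf.j2"

# The image defaults to the untagged `nginx`, as before, which follows
# whatever the registry currently serves; set nginx_image to a fixed tag or
# digest to make deployments reproducible.
#
# All bind mounts are read-only: configuration, certificate and private key
# are managed from the host, so a compromised process inside the container
# cannot rewrite them. Drop `:ro` from a mount only if something inside the
# container must write to it.
- name: run container
  docker_container:
    name: 'nginx'
    image: "{{ nginx_image | default('nginx') }}"
    networks:
      - name: bridge
      - name: nginx-internal
    volumes:
      - "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d:ro"
      - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
      - "{{ data_folder }}/nginx/sites-available:/etc/nginx/sites-available:ro"
      - "{{ data_folder }}/nginx/sites-enabled:/etc/nginx/sites-enabled:ro"
      - "{{ data_folder }}/nginx/snippets:/etc/nginx/snippets:ro"
      - "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/ssl/{{ base_domain }}.key:ro"
      - "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/ssl/{{ base_domain }}.crt:ro"
    ports:
      - "80:80"
      - "443:443"
    env:
      NGINX_HOST: "{{ base_domain }}"
      NGINX_PORT: '80'
    state: started
    # NOTE(review): `restart` forces the container to be restarted on every
    # run of this task; it is not a restart policy. If the container should
    # come back after a daemon restart or reboot, restart_policy is the
    # option to set - confirm the intent.
    restart: true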