# {{ ansible_managed }}

- hosts: 
    - {{ proxy_server_hostname }} 
      #    - {{ proxy_server_hostname }}-defaultport
  become: 'yes'
  ignore_errors: true
  vars:

    # Packages to install
    packages:
      # Reverse Proxy/Webserver
      - nginx

      # VPN Server
      - wireguard

      # TLS
      - certbot
      - python3-certbot-nginx

  tasks:
    - name: Apply default doas configuration allowing wheel group users to elevate commands with prompt
      become: yes
      template:
        src: root_resources/etc/doas.conf
        dest: "/etc/doas.conf"
    - name: Temporarily disable doas pass prompt as doas persist does not work within scripts
      become: yes
      replace:
        path: /etc/doas.conf
        regexp: 'persist'
        replace: 'nopass'

    - name: Ensure list of packages is installed
      apt:
        name: '{{ "{{" }} packages {{ "}}" }}'
        state: present
    # NGinx Reverse Proxy/Webserver Setup
    - name: Ensure NGinx sites config directory exists 
      ansible.builtin.file:
        path: /etc/nginx/sites-available/
        state: directory

    - name: Ensure reverse proxy git domain config is updated
      template:
        src: proxy_resources/etc/nginx/sites-available/cockpit.domain
        dest: "/etc/nginx/sites-available/cockpit.{{ domain_name }}"
    - name: Enable the reverse proxy git domain config
      ansible.builtin.file:
        src: /etc/nginx/sites-available/cockpit.{{ domain_name }}
        dest: /etc/nginx/sites-enabled/cockpit.{{ domain_name }}
        state: link

    - name: Enable NGinx
      ansible.builtin.systemd:
        name: nginx
        enabled: yes
        state: started

    - name: Reset doas configuration back to default
      become: yes
      template:
        src: root_resources/etc/doas.conf
        dest: "/etc/doas.conf"

    # End
    - name: Debug Finish message
      debug:
        msg: Ansible playbook has finished!