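---
# Adds an nginx server block for every entry in `nginx_sites`, obtains a
# Let's Encrypt certificate for it with certbot's nginx plugin, and installs
# a weekly renewal cron job. Everything runs as root on the target host.
- name: letsencrypt
  hosts: supermaster
  become: true
  vars:
    # Single list shared by all looping tasks, so the nginx block and the
    # certificate request cannot drift apart when a site is added or edited.
    nginx_sites:
      - server_name: payment.igarson.app
        server_config: ""
        service_port: 8018
        conf_file: base.conf
  tasks:
    # The block is rendered on the controller and written straight into the
    # target file. This replaces "template to /tmp, then `cat >>` and
    # `rm -rf` from a root shell": no world-writable staging directory with a
    # predictable file name, no templated values expanded by a shell, and the
    # per-site marker makes a re-run update the block instead of appending a
    # second copy.
    # NOTE(review): blocks appended by earlier marker-less runs are not
    # recognised by blockinfile; remove them once by hand or the first run
    # will leave a duplicate server block behind.
    - name: add domain to nginx with j2 block
      blockinfile:
        path: "/etc/nginx/sites-available/{{ item.conf_file }}"
        block: "{{ lookup('template', 'template/nginx-server-block.j2') }}"
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.server_name }}"
        # `>>` in the original created the file when missing; keep that.
        create: true
      with_items: "{{ nginx_sites }}"

    # Fail here, before certbot edits the config and before nginx is
    # restarted, if the rendered block is not valid.
    - name: validate nginx configuration
      command: nginx -t
      changed_when: false

    # argv form: the domain is handed to certbot as one argument and is
    # never interpreted by a shell.
    # NOTE(review): `-n` only works if an ACME account is already registered
    # on the host; confirm, since no registration options are passed here.
    - name: encrypt all domains
      command:
        argv:
          - certbot
          - --nginx
          - -d
          - "{{ item.server_name }}"
          - -n
          - --redirect
      with_items: "{{ nginx_sites }}"

    # NOTE(review): the task name says "Reload" but the state is `restarted`,
    # which drops open connections. Behaviour kept as written; switch to
    # `reloaded` if a graceful reload is what is wanted.
    - name: Reload nginx to activate specified site
      service:
        name: nginx
        state: restarted

    # Weekly renewal; nginx is reloaded only after certbot has run so the
    # renewed certificate is picked up without a full restart.
    - name: cron job for renew certificates
      cron:
        name: renew_certificates
        special_time: weekly
        job: 'certbot renew --post-hook "systemctl reload nginx"'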