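# Web front end: configure nginx through the `nginx` role, create the webroot
# sub-directories, publish the MTA-STS policy file and the BIMI logo, and
# register the webroot with the `backup` role.
# NOTE(review): the nesting below was reconstructed from a flattened listing;
# confirm where `servers`, `certs`, `tld`, `security_headers` and `domains`
# sit against the nginx role's variable layout.
- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      security:
        # Every key in this stanza is passed with no value (null).
        # NOTE(review): presumably this overrides the role's defaults for the
        # CSP / `pp` settings and the three Cross-Origin-* response headers.
        # Confirm in the role whether null drops the header or falls back to
        # a default, because `security_headers` is enabled further down and
        # the effective header set cannot be read from this file alone.
        csp: null
        pp: null
        headers:
          Cross-Origin-Embedder-Policy: null
          Cross-Origin-Opener-Policy: null
          Cross-Origin-Resource-Policy: null
      servers:
        # Plain-HTTP entries (`http: true`); the conf names suggest they
        # only redirect, which should be verified in the role's templates.
        - conf: redirect_80_any
          name: '*'
          http: true
        - conf: redirect_80_monroe43
          name: '*.monroe43.ru'
          no_tld: true
          http: true
        # Entries for the second domain; `no_tld` is set on these.
        - conf: redirect_443_monroe43
          name: 'monroe43.ru'
          no_tld: true
        - conf: redirect_443_monroe43
          name: 'www.monroe43.ru'
          no_tld: true
        # Named sites; each has a matching "<name>.{{ tld }}" entry in
        # `domains` below.
        - conf: shop
          name: shop
        - conf: feedback
          name: feedback
        - conf: welcome-spb
          name: welcome-spb
        - conf: spb-10-8
          name: spb-10-8
        - conf: mta-sts
          name: mta-sts
        - conf: default
          is_root: true
          cn: true
        - conf: default
          name: www
      certs: true
      # Refers to the outer `tld` variable; placed under `nginx` because a
      # top-level `tld: "{{ tld }}"` in `vars` would reference itself.
      tld: "{{ tld }}"
      security_headers: true
      # NOTE(review): presumably the host names requested on the certificate.
      # Keep this list in step with `servers`; a site missing here (the
      # mta-sts host in particular, whose policy is fetched over HTTPS)
      # would be served with a certificate that does not cover it.
      domains:
        - "{{ tld }}"
        - "www.{{ tld }}"
        - "monroe43.ru"
        - "www.monroe43.ru"
        - "feedback.{{ tld }}"
        - "mta-sts.{{ tld }}"
        - "shop.{{ tld }}"
        - "spb-10-8.{{ tld }}"
        - "welcome-spb.{{ tld }}"

# NOTE(review): no owner, group or mode is given, so newly created directories
# take whatever the remote user's umask yields. Pin them explicitly once it is
# confirmed which account has to write into acme/.well-known/acme-challenge.
- name: create directories
  file:
    path: "{{ webroot_dir ~ '/' ~ item }}"
    state: directory
  loop:
    - acme
    - acme/.well-known
    - acme/.well-known/acme-challenge
    - static
    - mta-sts
    - mta-sts/.well-known

- name: build mta-sts file
  template:
    src: mta-sts-file.j2
    dest: "{{ webroot_dir }}/mta-sts/.well-known/mta-sts.txt"
    # Public policy file: readable by the web server, writable by owner only,
    # independent of the remote umask.
    mode: '0644'
    force: true
    lstrip_blocks: true

- name: upload static bimi logo
  copy:
    src: logo.svg
    dest: "{{ webroot_dir }}/static/logo.svg"
    # Public static asset; same reasoning as the policy file above.
    mode: '0644'

# Hands the whole webroot to the backup role (`function: add`).
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ webroot_dir }}"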