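---
# Playbook: install Nginx on the `webservers` group, protect it with HTTP
# basic auth, obtain a Let's Encrypt certificate for defder.fr, open the
# firewall for SSH/HTTP/HTTPS and deploy a static site.
# All tasks run with privilege escalation (become).
- name: Installer et configurer Nginx sur VPS Ubuntu
  hosts: webservers
  become: true

  tasks:
    # Refresh the apt index only when it is older than one hour.
    - name: Mettre à jour le cache apt
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Installer Nginx
      apt:
        name: nginx
        state: present

    - name: Installer apache2-utils pour htpasswd
      apt:
        name: apache2-utils
        state: present

    # passlib is the Python library the htpasswd module needs on the target.
    - name: Installer la librairie Python passlib
      apt:
        name: python3-passlib
        state: present

    # Basic-auth credentials file: owned by root, readable by the www-data
    # group only (0640), so it is not world-readable.
    # NOTE(review): the password used to be hard-coded here. It is now read
    # from `nginx_admin_password` (supply it from an Ansible Vault-encrypted
    # vars file or with -e). The fallback keeps the previous value so existing
    # runs behave the same, but that value is a weak credential stored in
    # cleartext in this file: rotate it and drop the default once the
    # variable is defined.
    - name: Créer un fichier de mots de passe
      htpasswd:
        path: /etc/nginx/.htpasswd
        name: admin
        password: "{{ nginx_admin_password | default('mdp123') }}"
        owner: root
        group: www-data
        mode: '0640'

    - name: Installer Certbot pour Let's Encrypt
      apt:
        name:
          - certbot
          - python3-certbot-nginx
        state: present

    # `creates` makes this task a no-op once the certificate chain exists,
    # so Certbot is not asked for a new certificate on every run.
    - name: Obtenir un certificat SSL avec Certbot
      command: >-
        certbot --nginx -d defder.fr --non-interactive --agree-tos
        --email bottero.romain1811@gmail.com --redirect
      notify: Restart Nginx
      args:
        creates: /etc/letsencrypt/live/defder.fr/fullchain.pem

    # Runs `certbot renew` every day at 03:00 (unset cron fields default to *).
    - name: Configurer le renouvellement automatique du certificat
      cron:
        name: "Renouveler le certificat SSL"
        minute: "0"
        hour: "3"
        job: "certbot renew --quiet"

    - name: S'assurer qu'UFW est installé
      apt:
        name: ufw
        state: present

    # The allow rules below are added before UFW is enabled, so the SSH
    # connection used by Ansible is already permitted when filtering starts.
    # NOTE(review): port 22 is opened to any source; consider restricting
    # the source address or using `rule: limit` if that fits this host.
    - name: Autoriser le trafic SSH dans le firewall (UFW)
      ufw:
        rule: allow
        port: '22'
        proto: tcp

    - name: Autoriser le trafic HTTP dans le firewall (UFW)
      ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: Autoriser le trafic HTTPS dans le firewall (UFW)
      ufw:
        rule: allow
        port: '443'
        proto: tcp

    - name: Activer UFW(uncomplicated firewall)
      ufw:
        state: enabled

    - name: Démarrer et activer Nginx
      systemd:
        name: nginx
        state: started
        enabled: true

    # NOTE(review): no owner/group/mode is set on the rendered vhost file,
    # and the template is not validated before the reload handler runs.
    - name: Déployer la configuration Nginx avec authentification
      template:
        src: templates/nginx-auth.conf.j2
        dest: /etc/nginx/sites-available/defder
      notify: Recharger Nginx

    # Enable the vhost by symlinking it into sites-enabled.
    - name: Activer le site
      file:
        src: /etc/nginx/sites-available/defder
        dest: /etc/nginx/sites-enabled/defder
        state: link
      notify: Recharger Nginx

    # Remove the distribution default vhost.
    - name: Désactiver le site par défaut
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Recharger Nginx

    # The registered result is not read by any later task in this playbook.
    - name: Vérifier que Nginx est en cours d'exécution
      service:
        name: nginx
        state: started
      register: nginx_status

    - name: Afficher le statut de Nginx
      debug:
        msg: "Nginx est installé et en cours d'exécution"

    # Read-only lookup, hence changed_when: false.
    - name: Récupérer l'IP du serveur
      command: hostname -I
      register: server_ip
      changed_when: false

    - name: Créer le dossier du site web
      file:
        path: /var/www/html
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    # NOTE(review): index.html goes through `template`, so any Jinja syntax
    # in it is rendered; the CSS below is copied verbatim.
    - name: Déployer la page HTML
      template:
        src: files/index.html
        dest: /var/www/html/index.html
        owner: www-data
        group: www-data
        mode: '0644'

    - name: Déployer le fichier CSS
      copy:
        src: files/style.css
        dest: /var/www/html/style.css
        owner: www-data
        group: www-data
        mode: '0644'

    # Prints the public URL and the first address reported by `hostname -I`.
    - name: Afficher l'URL d'accès
      debug:
        msg: "Nginx est accessible à l'adresse : https://defder.fr (ou http://{{ server_ip.stdout.split()[0] }} qui redirige vers HTTPS)"

  handlers:
    # Notified by the Certbot task.
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted

    # Notified by the vhost deployment, enable and default-site tasks.
    - name: Recharger Nginx
      systemd:
        name: nginx
        state: reloaded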