- name: Docker installieren
  apt:
    name:
      - docker.io
      - docker-compose
    state: present
    update_cache: yes

- name: Certbot + Plugin installieren
  apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: present
    update_cache: yes

- name: Challenge-Verzeichnis für Let's Encrypt anlegen
  file:
    path: /var/www/html/.well-known/acme-challenge
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'
    recurse: yes

- name: Füge Let's Encrypt Challenge-Pfad in den Nginx-Vhost ein
  blockinfile:
    path: /etc/nginx/sites-available/default
    marker: "# {mark} ANSIBLE LETSENCRYPT"
    insertafter: "^\\s*server\\s*{"
    block: |
      location ^~ /.well-known/acme-challenge/ {
          root /var/www/html;
          allow all;
          default_type "text/plain";
      }
  notify: Reload nginx



- name: Let's Encrypt Zertifikat anfordern
  command: >
    certbot --nginx -n --agree-tos --redirect
    -m kontakt@michaelschiemer.de
    -d test.michaelschiemer.de
  args:
    creates: /etc/letsencrypt/live/test.michaelschiemer.de/fullchain.pem