- name: Install Nginx
  apt: pkg=nginx

- name: Generate a private key and a X.509 certificate for Nginx
  command: genkeypair.sh x509
                         --pubkey=/etc/nginx/ssl/lists.fripost.org.pem
                         --privkey=/etc/nginx/ssl/lists.fripost.org.key
                         --ou=WWW --cn=lists.fripost.org --dns=lists.fripost.org
                         -t rsa -b 4096 -h sha512
  register: r1
  changed_when: r1.rc == 0
  failed_when: r1.rc > 1
  notify:
    - Restart Nginx
  tags:
    - genkey

- name: Copy /etc/nginx/sites-available/sympa
  copy: src=etc/nginx/sites-available/sympa
        dest=/etc/nginx/sites-available/sympa
        owner=root group=root
        mode=0644
  register: r2
  notify:
    - Restart Nginx

- name: Create /etc/nginx/sites-enabled/sympa
  file: src=../sites-available/sympa
        dest=/etc/nginx/sites-enabled/sympa
        owner=root group=root
        state=link
  register: r3
  notify:
    - Restart Nginx

- name: Start nginx
  service: name=nginx state=started
  when: not (r1.changed or r2.changed or r3.changed)

- meta: flush_handlers

- name: Fetch Nginx's X.509 certificate
  # Ensure we don't fetch private data
  sudo: False
  fetch: src=/etc/nginx/ssl/lists.fripost.org.pem
         dest=certs/public/
         fail_on_missing=yes
         flat=yes
  tags:
    - genkey