# frozen_string_literal: true

namespace :nginx do

task :install do
  on roles :web, :api do
    execute "#{apt_nointeractive} nginx"
    execute 'sudo sed -i "s/# server_names_hash_bucket_size 64/server_names_hash_bucket_size 64/" /etc/nginx/nginx.conf'
    template "vhost.conf", "/etc/nginx/conf.d/vhost.conf"

    invoke "nginx:restart"
  end
end

task :cert do
  on roles(:web, :api) do |host|
    run_locally do
      run_in host, <<-EOBLOCK
        sudo apt update
        sudo apt install certbot python3-certbot-nginx -y
        sudo certbot --nginx -m admin@#{host.hostname} --non-interactive --agree-tos --domains #{host.hostname}
      EOBLOCK
    end
  end
end

task :ssl do
  on roles(:web, :api) do |_host|
    execute <<-EOBLOCK
      cd /etc/ssl/certs
      openssl dhparam -out dhparam.pem 4096
    EOBLOCK
    template "vhost_ssl.conf", "/etc/nginx/conf.d/vhost.conf"
    invoke "nginx:restart"
  end
end

%w[start stop restart status].each do |action|
  desc "Nginx"
  task :"#{action}" do
    on roles(:web, :api) do
      execute "sudo service nginx #{action}"
    end
  end
end

end