---
- name: Prepare
  hosts: all
  tasks:
    - name: Install sudo
      ansible.builtin.dnf:
        name: sudo
        state: present

    - name: "Display hera_home if defined."
      ansible.builtin.set_fact:
        hera_home: "{{ lookup('env', 'HERA_HOME') }}"

- name: Prepare proxy
  hosts: proxy
  vars:
    nginx_proxy: |
      location / {
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_pass              http://instance:8080;
      }
  roles:
    - elan.simple_nginx_reverse_proxy
  pre_tasks:
    - name: Create certificate request
      ansible.builtin.command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=proxy'
      delegate_to: localhost
      changed_when: false
    - name: Make certificate directory
      ansible.builtin.file:
        path: /etc/nginx/tls
        state: directory
        mode: 0755
    - name: Copy certificates
      ansible.builtin.copy:
        src: "{{ item.name }}"
        dest: "{{ item.dest }}"
        mode: 0444
      become: true
      loop:
        - { name: 'cert.pem', dest: '/etc/nginx/tls/certificate.crt' }
        - { name: 'key.pem', dest: '/etc/nginx/tls/certificate.key' }
    - name: Update CA trust
      ansible.builtin.command: update-ca-trust
      changed_when: false
      become: true