namespace :nginx do

task :install do
  on roles :web, :api do
    execute "#{apt_nointeractive} nginx"
    execute 'sudo sed -i "s/# server_names_hash_bucket_size 64/server_names_hash_bucket_size 64/" /etc/nginx/nginx.conf'
    template 'vhost.conf', '/etc/nginx/conf.d/vhost.conf'

    invoke 'nginx:restart'
  end
end

task :cert do
  on roles(:web, :api) do |host|
    run_locally do
      run_in host, <<-EOBLOCK
        sudo apt update
        sudo apt install certbot python3-certbot-nginx -y
        sudo certbot --nginx -m admin@#{host.hostname} --non-interactive --agree-tos --domains #{host.hostname}
      EOBLOCK
    end
  end
end

task :ssl do
  on roles(:web, :api) do |host|
    execute <<-EOBLOCK
      cd /etc/ssl/certs
      openssl dhparam -out dhparam.pem 4096
    EOBLOCK
    template 'vhost_ssl.conf', '/etc/nginx/conf.d/vhost.conf'
    invoke 'nginx:restart'
  end
end

%w(start stop restart status).each do |action|
  desc "Nginx"
  task :"#{action}" do
    on roles(:web, :api) do
      execute "sudo service nginx #{action}"
    end
  end
end

end