- name: Configure Apache with Let's Encrypt
  hosts: monitor
  become: yes
  gather_facts: yes

  tasks:
    - name: Install Apache2
      apt:
        name: apache2
        state: present
        update_cache: yes

    - name: Install Certbot and Apache plugin
      apt:
        name:
          - certbot
          - python3-certbot-apache
        state: present

    - name: Ensure site root exists
      file:
        path: "{{ site_root }}"
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    - name: Create index.html
      template:
        src: templates/index.html.j2
        dest: "{{ site_root }}/index.html"
        owner: www-data
        group: www-data
        mode: '0644'

    - name: Create Apache virtual host config
      template:
        src: templates/vhost.conf.j2
        dest: /etc/apache2/sites-available/{{ site_name }}.conf
      notify: Reload Apache

    - name: Enable site
      command: a2ensite {{ site_name }}
      notify: Reload Apache

    - name: Enable SSL module
      command: a2enmod ssl
      notify: Reload Apache

    - name: Ensure Apache is running and enabled
      service:
        name: apache2
        state: started
        enabled: yes

    - name: Obtain Let's Encrypt certificate using certbot
      command: >
        certbot --apache -n --agree-tos --redirect
        -d {{ site_name }}
        --email {{ admin_email }}
      args:
        creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem

  handlers:
    - name: Reload Apache
      service:
        name: apache2
        state: reloaded

    - name: Restart Apache
      service:
        name: apache2
        state: restarted