---
- hosts: webservers
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present

    - name: Change the nginx port
      replace:
        path: /etc/nginx/sites-enabled/default
        regexp: "listen [0-9]+"
        replace: "listen {{ http_port }}"

    - name: Reload nginx for new config
      service:
        name: nginx
        state: reloaded

    - name: Push website content to the web root
      copy:
        src: index.html
        dest: /var/www/html/
        mode: u=rw,g=r,o=r

    - name: Firewall - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH

    - name: Firewall - Allow website connections
      ufw:
        rule: allow
        port: "{{ http_port }}"

    - name: Firewall - Deny everything else
      ufw:
        state: enabled
        policy: deny

    - name: Validate that the http_port is working
      wait_for:
        host: "{{ ansible_host }}"
        port: "{{ http_port }}"
        timeout: 5
      connection: local