---

- name: Install Dehydrated
  ansible.builtin.apt:
    state: present
    pkg:
      - dehydrated
  tags:
    - acme

- name: Create Nginx snippet snippets dir
  ansible.builtin.file:
    state: "directory"
    path: "/etc/nginx/snippets"
    owner: "root"
    group: "root"
    mode: "0755"

- name: Template dehydrated configfiles
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0640') }}"
  notify: "{{ item.notify | default([]) }}"
  with_items:
    - { src: "config.sh",          dest: "/etc/dehydrated/conf.d/ansible.sh", mode: '0755' }
    - { src: "deploy.sh",          dest: "/etc/dehydrated/conf.d/deploy.sh",  mode: '0755' }
    - { src: "cron",               dest: "/etc/cron.d/dehydrated" }
    - { src: "nginx-snippet.conf", dest: "/etc/nginx/snippets/acme.conf" }
    - { src: "domains.txt",        dest: "/etc/dehydrated/domains.txt", notify: "run dehydrated" }

- name: Register account
  ansible.builtin.command:
  args:
    cmd: dehydrated --register --accept-terms
    creates: /var/lib/dehydrated/accounts

- name: Symlink SAN domains
  ansible.builtin.include_tasks:
    file: san_domains_loop.yaml
  loop: "{{ acme_san_domains|default([]) }}"
  loop_control:
    loop_var: domains