---
- ansible.builtin.import_tasks:
    file: remove_conflicting.yaml
  tags: [ never, acme_remove_conflicting ]

- name: Install Dehydrated
  tags: [ acme, acme_install ]
  block:
    - name: Install dependencies
      ansible.builtin.apt:
        name: ssl-cert
        state: present

    - name: Install Dehydrated
      ansible.builtin.apt:
        name: dehydrated
        state: present

    - name: Install config file
      ansible.builtin.template:
        src: config.sh
        dest: /etc/dehydrated/conf.d/ansible.sh
        owner: root
        group: root
        mode: 0755
      notify: update_contact_info

    - name: Install deploy hook
      ansible.builtin.template:
        src: deploy.sh
        dest: /etc/dehydrated/conf.d/deploy.sh
        owner: root
        group: root
        mode: 0755

    - name: Install cronjob
      ansible.builtin.template:
        src: cron
        dest: /etc/cron.d/dehydrated
        owner: root
        group: root
        mode: 0644

    - name: Create Nginx snippet snippets dir
      ansible.builtin.file:
        state: directory
        path: /etc/nginx/snippets
        owner: root
        group: root
        mode: 0755

    - name: Install Nginx snippet
      ansible.builtin.template:
        src: nginx-snippet.conf
        dest: /etc/nginx/snippets/acme.conf
        owner: root
        group: root
        mode: 0644

    - name: Register account
      ansible.builtin.command:
        cmd: dehydrated --register --accept-terms
      args:
        creates: /var/lib/dehydrated/accounts

- tags: [ acme, acme_certs ]
  block:
    - name: Configure certificates
      ansible.builtin.template:
        src: domains.txt
        dest: /etc/dehydrated/domains.txt
        owner: root
        group: root
        mode: 0644
      notify: query_certificates

    - name: Symlink SAN domains
      ansible.builtin.include_tasks:
        file: san_domains_loop.yaml
      loop: "{{ acme_san_domains|default([]) }}"
      loop_control:
        loop_var: domains