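---
# ACME certificate automation: install client dependencies, lay out the
# config / key / certificate directories, render the client configuration,
# deploy the renewal script and schedule it from cron.
#
# Fixes relative to the previous revision:
#   - the script directory was hard-coded to /opt/acme while every other task
#     used acme_script_dir (the copy below fails if the variable is overridden)
#   - the challenge task invoked a bare `acme-renew-cert` and so depended on
#     PATH; it now runs the symlink the play itself creates (acme_script_bin)
#   - the cron task name referenced domain_name, which is only defined as a
#     task-scoped var in the domain config task (undefined here)

- name: Install ACME dependencies
  package:
    name: "{{ package }}"
    state: present
  loop: "{{ acme_packages }}"
  loop_control:
    loop_var: package
  tags: acme_install

- name: Install SSL dependencies
  package:
    name: ssl-cert
    state: present
  tags: acme_install

# World-readable (755) directories: these hold config, CSRs and certificates,
# none of which is secret. Private material goes in the two 750 dirs below.
- name: Create ACME config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: root
    mode: "755"
  loop:
    - "{{ acme_ssl_dir }}"
    - "{{ acme_config_dir }}"
    - "{{ acme_certs_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    loop_var: config_dir
  tags: acme_install

# Private keys: root-owned, readable by acme_ssl_group (for services that
# need the key), never world-readable.
- name: Create ACME private keys directory
  file:
    path: "{{ acme_keys_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "750"
  tags: acme_install

# ACME account material: root only.
- name: Create ACME accounts directory
  file:
    path: "{{ acme_accounts_dir }}"
    state: directory
    owner: root
    group: root
    mode: "750"
  tags: acme_install

# acme_config is rendered with to_nice_yaml rather than a template so the
# structure is written verbatim (no quoting/typing surprises from Jinja).
- name: Copy ACME config file
  copy:
    content: "{{ acme_config | to_nice_yaml(indent=2) }}"
    dest: "{{ acme_config_file }}"
    owner: root
    group: root
    mode: "640"
  tags: [acme_install, acme_config]

# acme_domains accepts two shapes, normalised through the task vars:
#   - a mapping  domain_name -> settings   (items are the key strings)
#   - a list of settings dicts, each carrying a `name` key
# domain_name becomes the file name under acme_config_dir, so entries must
# not contain path separators (the vars come from the play, not from remote).
- name: Copy ACME domain config files
  copy:
    content: "{{ domain | to_nice_yaml(indent=2) }}"
    dest: "{{ acme_config_dir }}/{{ domain_name }}.yml"
    owner: root
    group: root
    mode: "640"
  loop: "{{ (acme_domains.keys() | list) if acme_domains is mapping else acme_domains }}"
  loop_control:
    label: "{{ domain_name }}"
  vars:
    domain_name: "{{ item if item is string else item.name }}"
    domain: "{{ acme_domains[item] if item is string else item }}"
  tags: [acme_install, acme_config]

# Same variable as the script copy below, so an overridden acme_script_dir
# is created before the script is placed in it.
- name: Create directory for certificate renewal tool
  file:
    path: "{{ acme_script_dir }}"
    state: directory
    owner: root
    group: root
    mode: "755"
  tags: acme_install

- name: Copy script to renew ACME certificates
  copy:
    src: acme_renew_cert.py
    dest: "{{ acme_script_dir }}/acme_renew_cert.py"
    owner: root
    group: root
    mode: "755"
  tags: acme_install

# owner/group/mode on a `state: link` are applied to the link target by the
# file module (follow defaults to yes); they restate the copy task above.
- name: Create '{{ acme_script_bin }}' symlink for ACME renewal script
  file:
    src: "{{ acme_script_dir }}/acme_renew_cert.py"
    dest: "{{ acme_script_bin }}"
    state: link
    owner: root
    group: root
    mode: "755"
  tags: acme_install

# `command` does not go through a shell; `quote` is kept so paths containing
# spaces survive the argument split. Invokes the symlink created above instead
# of relying on PATH.
- name: Perform ACME challenge for each domain
  command: >-
    {{ acme_script_bin }}
    -c {{ acme_config_file | quote }}
    -d {{ acme_config_dir | quote }}
  register: _acme_challenge
  changed_when: "'No domain to renew' not in _acme_challenge.stdout"
  tags: acme_challenge

# One system-wide job in /etc/cron.d/acme-renew-cert, not one per domain: the
# script is handed the whole config directory. It has to run as root because
# acme_keys_dir is root-owned 750 (group members cannot write to it).
- name: Setup cron job for ACME certificates renewal
  cron:
    user: root
    name: acme-renew-cert
    cron_file: acme-renew-cert
    job: "{{ acme_script_bin }} -q -c {{ acme_config_file | quote }} -d {{ acme_config_dir | quote }}"
    minute: "30"
    hour: "2"
    state: present
  tags: acme_cron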