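---
# Ansible task list: install the ACME client dependencies, lay out the
# Let's Encrypt directory tree, run the per-domain challenge include and
# install a root-owned cron job that renews each domain's certificate.
#
# Tag map: acme_install (packages + directories), acme_challenge (per-domain
# include), acme_renew (renewal script + cron entries).

- name: Install ACME dependencies
  package:
    name: python3-acme
    state: present
  tags: acme_install

# Tagged acme_install so a run limited to that tag still installs this
# package before the directory task below chowns to acme_ssl_group
# (presumably the group this package provides — this task was previously
# untagged, so `--tags acme_install` skipped it).
- name: Install SSL dependencies
  package:
    name: ssl-cert
    state: present
  tags: acme_install

# 0711: owner full access; group and others may traverse but not list.
# NOTE(review): acme_keys_dir and acme_accounts_dir hold private key
# material and the world traverse bit is set, so confidentiality rests on
# each key file's own mode, which is set outside this file (the challenge
# include / renewal script) — confirm those files are created 0600/0640.
# acme_certs_dir is not created here although the cron job writes to it;
# presumably created by acme_challenge.yml or the renewal script.
- name: Create Let's Encrypt config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0711"
  loop:
    - "{{ acme_config_dir }}"
    - "{{ acme_keys_dir }}"
    - "{{ acme_accounts_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    loop_var: config_dir
  tags: acme_install

# World-readable on purpose: the HTTP server must serve the challenge files
# placed here to the CA.
- name: Create challenge directory
  file:
    path: "{{ acme_challenge_dir }}/.well-known/acme-challenge"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: acme_install

# `apply.tags` propagates the tag to the included tasks; the outer `tags`
# makes the include itself selectable.
- name: Perform ACME challenge for each domain
  include_tasks:
    file: acme_challenge.yml
    apply:
      tags: acme_challenge
  loop: "{{ acme_domains | unique }}"
  loop_control:
    loop_var: domain_name
  tags: acme_challenge

- name: Create directory for certificate renewal tool
  file:
    path: /opt/acme
    owner: root
    group: root
    mode: "0755"
    state: directory
  tags: acme_renew

- name: Copy script to renew ACME certificates
  copy:
    src: acme_renew_cert.py
    dest: /opt/acme/acme_renew_cert.py
    owner: root
    group: root
    mode: "0755"
  tags: acme_renew

# One root crontab entry per domain, daily at 02:30 with a random delay of
# up to an hour to spread CA load. `\%` keeps cron from treating `%` as a
# newline. Every argument that comes from a variable goes through `quote`
# (domain_name included, for consistency with the path arguments); the
# `{domain}` tokens are literal placeholders consumed by the script, not
# Jinja. `-q` silences the script, so failures surface only via cron mail
# — consider external monitoring of certificate expiry.
- name: Setup cron job for ACME certificates renewal of {{ domain_name }}
  cron:
    name: acme renew {{ domain_name }} cert
    job: >-
      bash -c 'sleep $((RANDOM \% 3600))' &&
      /opt/acme/acme_renew_cert.py {{ domain_name | quote }} -q
      -a {{ (acme_accounts_dir + '/' + acme_account_key) | quote }}
      -p {{ acme_keys_dir | quote }}/{domain}.pem
      -r {{ acme_csr_dir | quote }}/{domain}.csr
      -o {{ acme_certs_dir | quote }}/{domain}.d
      -c {{ acme_challenge_dir | quote }}/.well-known/acme-challenge
    minute: "30"
    hour: "2"
    state: present
  loop: "{{ acme_domains | unique }}"
  loop_control:
    loop_var: domain_name
  tags: acme_renew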