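---
# Install certbot and prepare an unprivileged "certbot" account, the webroot
# used for ACME challenge files, the certificate data directory and the
# certbot configuration file.

- name: Install certbot packages
  ansible.builtin.package:
    name: certbot
    # "present" is the state every backend of the generic package module
    # accepts; "installed" is only an alias in some of them.
    state: present

- name: Create certbot group
  ansible.builtin.group:
    name: certbot
    gid: 1002

# Locked-down service account: no login shell, no home directory of its
# own, fixed uid/gid so file ownership stays stable across hosts.
- name: Create certbot user
  ansible.builtin.user:
    name: certbot
    comment: Service Certbot
    create_home: false
    group: certbot
    home: /var/empty
    shell: /sbin/nologin
    uid: 1002

# NOTE(review): nginx_site is defined outside this file; presumably it
# creates the vhost that serves /srv/web/<site> - confirm.
- name: Add certbot nginx site
  ansible.builtin.include_role:
    name: nginx_site
  vars:
    site: certbot.home.foo.sh

# Owned by root and not group-writable, so the certbot account cannot
# create anything under .well-known except inside acme-challenge below.
- name: Create certbot .well-known directory
  ansible.builtin.file:
    path: /srv/web/certbot.home.foo.sh/.well-known
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
    state: directory

# Group-writable for the certbot group so the service account can write
# without root. Both paths are also world-readable/traversable (0775).
# NOTE(review): /export/letsencrypt is the certbot data directory (see the
# link task below), so key confidentiality depends on the permissions of
# what certbot creates inside it - verify, and consider a tighter mode on
# this path if no other account needs to traverse it.
- name: Create certbot directories
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: certbot
    mode: "0775"
    state: directory
  loop:
    - /srv/web/certbot.home.foo.sh/.well-known/acme-challenge
    - /export/letsencrypt

# follow: false applies owner/group to the symlink itself rather than to
# the directory it points at.
- name: Link certbot datadirectory
  ansible.builtin.file:
    src: /export/letsencrypt
    dest: /srv/letsencrypt
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
    follow: false

# Root-owned and read-only for everyone else: the certbot account can read
# its configuration but not change it.
- name: Create certbot config
  ansible.builtin.copy:
    dest: /etc/letsencrypt/cli.ini
    src: cli.ini
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

# enabled: false only removes the unit from boot-time activation; a timer
# that is already active keeps firing until it is stopped, so stop it too.
# NOTE(review): presumably renewal is scheduled elsewhere to run as the
# certbot user instead of through the packaged timer - confirm.
- name: Disable timer
  ansible.builtin.systemd:
    name: certbot-renew.timer
    enabled: false
    state: stopped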