---
- name: check support
  fail:
    msg: Role not supported in your system
  when: ansible_os_family != "RedHat"

- name: install certbot packages
  package:
    name: certbot
    state: installed

- name: create certbot group
  group:
    name: certbot
    gid: 1002

- name: create certbot user
  user:
    name: certbot
    comment: Service Certbot
    createhome: false
    group: certbot
    home: /var/empty
    shell: /sbin/nologin
    uid: 1002

- name: add certbot nginx site
  include_role:
    name: nginx/site
  vars:
    site: certbot.home.foo.sh

- name: create certbot .well-known directory
  file:
    path: /srv/web/certbot.home.foo.sh/.well-known
    owner: root
    group: "{{ ansible_wheel }}"
    mode: 0755
    state: directory

- name: create certbot directories
  file:
    path: "{{ item }}"
    owner: root
    group: certbot
    mode: 0775
    state: directory
  with_items:
    - /srv/web/certbot.home.foo.sh/.well-known/acme-challenge
    - /export/letsencrypt

- name: link certbot datadirectory
  file:
    src: /export/letsencrypt
    dest: /srv/letsencrypt
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
    follow: false

- name: create certbot config
  copy:
    dest: /etc/letsencrypt/cli.ini
    src: cli.ini
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"