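#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# Requests a certificate for one domain through dehydrated.
# Reads: letsencrypt_cert_domain, letsencrypt_cert_domain_alias.
# Every task except the final cleanup is skipped when
# letsencrypt_cert_domain is the empty string.
#
# NOTE(review): letsencrypt_cert_domain is interpolated into filesystem
# paths and into domains.txt below. This file does not validate it, so it
# is assumed to come from trusted inventory. Confirm against the callers.
---
# Records the domain (and its alias) in the persistent domains.txt.
# changed_when is false, so this task never reports "changed".
- name: "append {{ letsencrypt_cert_domain }} to domains.txt"
  lineinfile:
    line: "{{ letsencrypt_cert_domain }} {{ letsencrypt_cert_domain_alias }}"
    path: "/etc/dehydrated/domains.txt"
    # Quoted so the mode is passed as a string and does not depend on the
    # YAML parser reading a leading-zero integer as octal.
    mode: "0640"
    owner: "letsencrypt"
    group: "letsencrypt"
  changed_when: false
  when: letsencrypt_cert_domain != ""

# Writes a one-line domains file holding only this domain. The request
# task below points dehydrated at it through DOMAINS_TXT.
- name: "create domains.txt.ansible.tmp for {{ letsencrypt_cert_domain }}"
  copy:
    content: "{{ letsencrypt_cert_domain }} {{ letsencrypt_cert_domain_alias }}\n"
    dest: "/etc/dehydrated/domains.txt.ansible.tmp"
    mode: "0640"
    owner: "letsencrypt"
    group: "letsencrypt"
  changed_when: false
  when: letsencrypt_cert_domain != ""

# Runs dehydrated as the unprivileged letsencrypt user. "creates" skips the
# run once cert.pem exists for this domain. The command line uses no shell
# features, so the command module replaces shell and nothing is passed
# through /bin/sh.
- name: "request cert for {{ letsencrypt_cert_domain }}"
  command: "/usr/bin/dehydrated -c"
  args:
    creates: "/etc/ssl/letsencrypt/{{ letsencrypt_cert_domain }}/cert.pem"
  environment:
    DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  become: true
  become_user: "letsencrypt"
  tags: "online"
  when: letsencrypt_cert_domain != ""

# Recursively sets owner letsencrypt and group ssl-cert on the certificate
# directory and removes all access for "other".
# NOTE(review): g+rX applies to every file under this directory. If the
# private key is stored here (presumably it is, confirm), every member of
# ssl-cert can read it. Keep that group's membership minimal.
- name: "fix permissions for /etc/ssl/letsencrypt/{{ letsencrypt_cert_domain }}"
  file:
    path: "/etc/ssl/letsencrypt/{{ letsencrypt_cert_domain }}"
    state: directory
    recurse: true
    mode: "u+rwX,g+rX,o-rwx"
    owner: "letsencrypt"
    group: "ssl-cert"
  when: letsencrypt_cert_domain != ""

# Cleanup has no "when" and runs unconditionally, so a temp file left over
# from an earlier run is removed as well.
- name: "remove domains.txt.ansible.tmp"
  file:
    path: "/etc/dehydrated/domains.txt.ansible.tmp"
    state: absent
  changed_when: false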