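# Install certbot plus the DNS authenticator plugin named by
# certbot_dns_plugin.
# NOTE(review): update_cache refreshes the pacman database without a full
# system upgrade; Arch documents that as an unsupported partial upgrade -
# confirm this is intended.
- name: Install certbot package (Archlinux)
  when: ansible_facts['os_family'] == "Archlinux"
  community.general.pacman:
    name:
      - certbot
      - "certbot-dns-{{ certbot_dns_plugin }}"
    state: present
    update_cache: true

# The nginx installer plugin is only pulled in when nginx is the webserver.
- name: Install certbot webserver plugin (Archlinux)
  when:
    - ansible_facts['os_family'] == "Archlinux"
    - certbot_webserver_type == 'nginx'
  community.general.pacman:
    name:
      - certbot-nginx
    state: present
    update_cache: true

# Render the DNS plugin's credentials file. Only rfc2136 is handled here.
# The file is root-owned with mode 0600 so other local users cannot read it.
# NOTE(review): if the template renders a DNS update key, consider
# `no_log: true` on this task so --diff output does not print the secret.
- name: Template out the dns config file
  when: certbot_dns_plugin == 'rfc2136'
  ansible.builtin.template:
    src: "{{ certbot_dns_plugin }}.conf.j2"
    dest: "/etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
    owner: root
    group: root
    mode: '0600'

# Create the ACME account once.
# With `argv` every list item is passed as exactly one argument and no shell
# is involved, so the executable, each flag and each value must be separate
# items. Variables therefore cannot be split into extra options.
# NOTE(review): certbot appears to name account directories by an account
# id rather than by e-mail address, so this `creates` path may never exist
# and the task would re-run on every play - verify on a registered host.
- name: Register certbot account
  ansible.builtin.command:
    argv:
      - "certbot"
      - "register"
      - "--agree-tos"
      - "--email"
      - "{{ certbot_email }}"
      - "--no-eff-email"
    creates: "/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/{{ certbot_email }}"

# Obtain and install one certificate per entry in certbot_domains; `creates`
# skips domains that already have a fullchain.pem.
# NOTE(review): --nginx is hard-coded here although certbot-nginx is only
# installed when certbot_webserver_type == 'nginx', and the credentials file
# is only templated for rfc2136 - confirm other combinations are not expected.
# NOTE(review): --nginx selects an authenticator as well as an installer;
# certbot may reject it together with --dns-<plugin> - verify, and consider
# selecting the nginx installer only.
- name: Request and install certificates
  ansible.builtin.command:
    argv:
      - "certbot"
      - "--nginx"
      - "run"
      - "-n"
      - "--dns-{{ certbot_dns_plugin }}"
      - "--dns-{{ certbot_dns_plugin }}-credentials"
      - "/etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
      - "-d"
      - "{{ item }}"
    creates: "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  loop: "{{ certbot_domains }}"

# Start the renewal timer now and enable it at boot.
- name: Enable certbot renewal
  ansible.builtin.service:
    name: certbot-renew.timer
    state: started
    enabled: true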