---
- name: Install certbot
  become: true
  ansible.builtin.apt:
    pkg:
      - certbot
      - python3-certbot-dns-cloudflare
- name: Create certbot directory
  become: true
  ansible.builtin.file:
    path: /etc/certbot
    state: directory
    owner: root
    group: root
    mode: '1750'
- name: Copy cloudflare credentials
  become: true
  ansible.builtin.template:
    src: cloudflare.ini.j2
    dest: /etc/certbot/cloudflare.ini
    owner: root
    group: root
    mode: '0660'
- name: Issue certificates
  become: true
  ansible.builtin.shell:
    certbot certonly -n --agree-tos --expand --email {{ email }} --dns-cloudflare --dns-cloudflare-credentials /etc/certbot/cloudflare.ini -d {{ domain }} -d '*.{{ domain }}'
  args:
    creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem
- name: Create a directory to store combined files
  become: true
  ansible.builtin.file:
    path: /etc/haproxy/certs
    state: directory
    mode: '1700'
    owner: "99"
    group: "99"
- name: Combine certificate and private key
  become: true
  ansible.builtin.shell:
    cat fullchain.pem privkey.pem > /etc/haproxy/certs/{{ domain }}.pem
  args:
    chdir: /etc/letsencrypt/live/{{ domain }}