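---
# Certbot
#
# Linux-Server-Admin.com Ansible Role for cert management with Certbot
#
# Main Tasks
#
# Flow: optional install -> version check -> per-vhost certificate lookup ->
# render and run one helper script per vhost -> list certificates ->
# optional FreeIPA script, facts and readme.
#
# Variables read here: certbot_debug, certbot_install, certbot_webserver,
# certbot_vhosts (list of mappings with a `name` key), certbot_freeipa,
# certbot_facts, certbot_readme.
#
# NOTE(review): `item.name` from certbot_vhosts is interpolated into file
# paths and a root-run command below. It is assumed to be a plain
# certificate/domain name; confirm that the inventory source is trusted or
# validated before this role runs.

# Debug mode switches debug_nolog to false. The no_log lines in this file are
# commented out, so the fact only matters to tasks that actually read it
# (possibly in the included task files; not visible here). Turning no_log off
# puts task arguments and output into logs, so keep debug for troubleshooting.
- name: "Check if certbot_debug is defined and true and if set debug_nolog to false for all sensitive tasks"
  ansible.builtin.set_fact:
    debug_nolog: false
  # `| bool` also accepts string input such as `-e certbot_debug=true`, which
  # the former `is true` test silently ignored.
  when: certbot_debug | default(false) | bool

- name: "Install Certbot"
  ansible.builtin.include_tasks: install.yml
  when: certbot_install | default(true) | bool

# Read-only probe: no shell features are needed, so `command` is used and the
# task never reports a change. It still fails when certbot is missing.
- name: "Get Certbot version"
  ansible.builtin.command:
    cmd: "certbot --version"
  register: __certbot_version
  changed_when: false

- name: "Show Certbot version"
  ansible.builtin.debug:
    var: __certbot_version
  when: certbot_debug | default(false) | bool

- name: Check Webserver
  ansible.builtin.debug:
    msg: "Selected Webserver: {{ certbot_webserver }}"
  when:
    - certbot_webserver is defined
    - certbot_debug | default(false) | bool

# One stat result per vhost. The following tasks loop over these results, so
# each loop item carries both the vhost (`item.item`) and its stat data.
- name: "Check if certificate already exists"
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ item.name }}/cert.pem"
  register: certbot_vhosts_host
  with_items: "{{ certbot_vhosts }}"
  become: true

# The rendered scripts are executed as root in the next task, so ownership and
# mode are pinned instead of the relative `+x`, which left any existing
# write bits in place. Tighten to "0700" if only root needs to run them.
- name: "Generate certificate scripts"
  ansible.builtin.template:
    src: "generate-cert.sh.j2"
    dest: "/usr/local/bin/certbot-{{ item.item.name }}.sh"
    owner: root
    mode: "0755"
  with_items: "{{ certbot_vhosts_host.results }}"
  loop_control:
    label: "{{ item.item.name }}"
  become: true
  # no_log stays disabled as in the original. If generate-cert.sh.j2 renders
  # secrets, enable it as: no_log: "{{ debug_nolog | default(true) | bool }}"
  # no_log: debug_nolog | default(true) | bool

# The path is shell-quoted so metacharacters in a vhost name cannot be
# interpreted by the root shell. `shell` is kept rather than `command` because
# this file does not show whether the template starts with a shebang line.
- name: "Exec cert script"
  ansible.builtin.shell: "{{ ('/usr/local/bin/certbot-' ~ item.item.name ~ '.sh') | quote }}"
  with_items: "{{ certbot_vhosts_host.results }}"
  loop_control:
    label: "{{ item.item.name }}"
  become: true
  # no_log: debug_nolog | default(true) | bool

# list all installed certificates
# Best-effort listing: failures are ignored and no change is reported.
- name: "List all installed certificates"
  ansible.builtin.command:
    cmd: "certbot certificates"
  register: __certbot_certificates
  failed_when: false
  changed_when: false
  become: true
  # when: certbot_debug is defined and certbot_debug is true

- name: "Show installed certificates"
  ansible.builtin.debug:
    var: __certbot_certificates.stdout_lines
  when: certbot_debug | default(false) | bool

# Same explicit ownership and mode as the per-vhost scripts above.
- name: "Generate LetsEncrypt FreeIPA Integration script"
  ansible.builtin.template:
    src: "letsencrypt-freeipa.sh.j2"
    dest: "/usr/local/bin/letsencrypt-freeipa.sh"
    owner: root
    mode: "0755"
  when: certbot_freeipa | default(false) | bool
  become: true

- name: "Setup Certbot facts"
  ansible.builtin.include_tasks: facts.yml
  when: certbot_facts | default(false) | bool

- name: "Setup Certbot readme"
  ansible.builtin.include_tasks: readme.yml
  when: certbot_readme | default(false) | bool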