---
- name: Create certbot user '{{ certbot_user }}'
  user:
    name: "{{ certbot_user }}"
  become: True
  become_user: root
  when: not certbot_user == 'root'

- block:
    - name: Install dependencies
      pip:
        name: "{{ item }}"
        extra_args: --user
        executable: "{{ certbot_pip }}"
        state: present
      loop: "{{ certbot_packages_extra }}"

    - name: Install certbot with pip
      pip:
        name: "{{ item }}"
        extra_args: --user
        executable: "{{ certbot_pip }}"
        state: present
      loop: "{{ __certbot_packages }}"

    - name: Create certbot environment
      file:
        path: "{{ item.name }}"
        state: directory
        mode: "{{ item.mode }}"
      loop: "{{ __certbot_environment }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Deploy config file
      template:
        src: config/cli.ini.j2
        dest: "{{ certbot_config_dir }}/cli.ini"

    - name: Deploy credentials file
      template:
        src: config/credentials.ini.j2
        dest: "{{ certbot_config_dir }}/credentials.ini"
        mode: 0600
      when: certbot_credentials | default([]) | length > 0

    - name: Schedule certbot run
      cron:
        name: "Certbot automatic renewal: {{ item.name }}"
        minute: "{{ certbot_cron_minute }}"
        hour: "{{ certbot_cron_hour }}"
        user: "{{ certbot_cron_user | default(certbot_user) }}"
        job: >
          {{ certbot_bin | default(__certbot_bin) }}
          --config-dir {{ certbot_config_dir }}
          --work-dir {{ certbot_work_dir }}
          --logs-dir {{ certbot_log_dir }}
          {{ certbot_command_arguments | join(' ') }}
          -n -d {{ item.domains | join(',') }}
        cron_file: "{{ certbot_cron_file | default(omit) }}"
      loop: "{{ certbot_domain_groups }}"
      loop_control:
        label: "{{ item.name }}"
      when: certbot_cron_enabled
  become: True
  become_user: "{{ certbot_user }}"