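---
# Installs certbot into a virtualenv as root, then creates the certbot
# configuration, optional credentials file and renewal cron entries as the
# unprivileged certbot account.

# Dedicated service account; skipped when the role is configured to run
# certbot as root.
- name: Create certbot user '{{ certbot_user }}'
  user:
    name: "{{ certbot_user }}"
  become: true
  become_user: root
  when: certbot_user != 'root'

# Everything in this block runs as root: the virtualenv and the wrappers in
# /usr/local/bin are installed by root, not by the certbot account.
- block:
    - name: Upgrade python dependencies
      pip:
        name: "{{ item }}"
        virtualenv: "{{ certbot_virtualenv }}"
        virtualenv_command: "{{ certbot_virtualenv_command }}"
        extra_args: "--upgrade"
      loop:
        - pip
        - setuptools

    - name: Install dependencies
      pip:
        name: "{{ item }}"
        virtualenv: "{{ certbot_virtualenv }}"
        virtualenv_command: "{{ certbot_virtualenv_command }}"
      environment:
        # Temp directory handed to pip for this task only; the path is
        # hard-coded here rather than taken from a role variable.
        TMPDIR: /opt/python3/tmp
      loop: "{{ certbot_packages_extra }}"

    - name: Install certbot
      pip:
        name: "{{ item }}"
        virtualenv: "{{ certbot_virtualenv }}"
        virtualenv_command: "{{ certbot_virtualenv_command }}"
      loop: "{{ __certbot_packages }}"

    # Owner keeps read/write; group and others get read/traverse and lose
    # write, so other accounts can use the virtualenv but cannot modify it.
    - name: Adjust file permissions
      file:
        name: "{{ certbot_virtualenv }}"
        recurse: true
        mode: "u+rwX,go+rX,go-w"
        state: directory

    # Modes are quoted so they reach the module as strings instead of
    # depending on how the YAML parser reads a leading-zero number.
    - name: Make certbot binaries executable
      file:
        name: "{{ certbot_virtualenv }}/bin/{{ item }}"
        mode: "0755"
      loop: "{{ __certbot_binaries }}"

    - name: Deploy certbot bin wrappers
      template:
        src: usr/local/bin/certbot-wrapper.j2
        dest: "/usr/local/bin/{{ item }}"
        owner: root
        group: root
        mode: "0755"
      loop: "{{ __certbot_binaries }}"
  become: true
  become_user: root

# Everything in this block runs as the certbot account, so the directories,
# config files and crontab entries it creates belong to that account.
- block:
    - name: Create certbot environment
      file:
        path: "{{ item.name }}"
        state: directory
        mode: "{{ item.mode }}"
      loop: "{{ __certbot_environment }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Deploy config file
      template:
        src: config/cli.ini.j2
        dest: "{{ certbot_config_dir }}/cli.ini"
        mode: "0640"

    # Holds secrets: 0600 limits the rendered file to its owner, and no owner
    # is set, so that is the account this block runs as. no_log keeps the
    # rendered content out of task output and --diff; it also hides error
    # detail, so drop it temporarily when debugging a failure here.
    - name: Deploy credentials file
      template:
        src: config/credentials.ini.j2
        dest: "{{ certbot_config_dir }}/credentials.ini"
        mode: "0600"
      no_log: true
      when: certbot_credentials | default([]) | length > 0

    # One crontab entry per domain group. The variables below are placed
    # unquoted into the command line that cron passes to the shell, so they
    # must come from trusted inventory and contain no shell metacharacters.
    - name: Schedule certbot run
      cron:
        name: "Certbot automatic renewal: {{ item.name }}"
        minute: "{{ certbot_cron_minute }}"
        hour: "{{ certbot_cron_hour }}"
        user: "{{ certbot_cron_user | default(certbot_user) }}"
        job: >
          {{ certbot_bin | default(__certbot_bin) }}
          --config-dir {{ certbot_config_dir }}
          --work-dir {{ certbot_work_dir }}
          --logs-dir {{ certbot_log_dir }}/{{ item.name }}
          --max-log-backups {{ certbot_max_log_backups }}
          {{ certbot_command_arguments | join(' ') }}
          -n -d {{ item.domains | join(',') }}
        cron_file: "{{ certbot_cron_file | default(omit) }}"
      loop: "{{ certbot_domain_groups }}"
      loop_control:
        label: "{{ item.name }}"
      when: certbot_cron_enabled
  become: true
  become_user: "{{ certbot_user }}"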