ansible/roles/certbot/tasks/main.yaml


---
# Load the most specific variables file that exists for this host. The
# candidates are tried in order: distribution + version, distribution,
# OS family, then default.yaml, all looked up under "vars".
- name: gather os specific variables
  vars:
    params:
      paths:
        - vars
      files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
        - "{{ ansible_distribution }}.yaml"
        - "{{ ansible_os_family }}.yaml"
        - default.yaml
  ansible.builtin.include_vars:
    file: "{{ lookup('first_found', params) }}"
# Run the most specific task file that exists for this host, using the
# same candidate order as the variables lookup (distribution + version,
# distribution, OS family, default.yaml), searched under "tasks".
- name: include os specific tasks
  vars:
    params:
      paths:
        - tasks
      files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
        - "{{ ansible_distribution }}.yaml"
        - "{{ ansible_os_family }}.yaml"
        - default.yaml
  ansible.builtin.include_tasks:
    file: "{{ lookup('first_found', params) }}"
# Install certbot with pip. The package spec and the desired state both
# come from role variables, so any version pinning is decided wherever
# certbot_package_name and certbot_package_state are defined.
# NOTE(review): no virtualenv or executable is set, so this uses the
# default pip environment of the remote interpreter - confirm intended.
- name: install certbot
  ansible.builtin.pip:
    state: "{{ certbot_package_state }}"
    name: "{{ certbot_package_name }}"
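# Install the certbot plugins listed in certbot_plugins with pip.
# The state follows certbot_package_state instead of a hard-coded
# "latest": with "latest", every run pulls whatever version is newest
# at that moment (and may upgrade shared dependencies), which makes
# runs non-reproducible and bypasses the state chosen for certbot
# itself. Set certbot_package_state to "latest" to keep the old
# always-upgrade behaviour.
- name: install certbot plugins
  ansible.builtin.pip:
    name: "{{ certbot_plugins }}"
    state: "{{ certbot_package_state }}"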
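# Create the directory at certbot_credential_path, owned by root and
# accessible to root only.
# NOTE(review): presumably this holds the DNS/API credentials used by
# the plugins - confirm that files written into it are also root-only.
- name: create credential path
  ansible.builtin.file:
    path: "{{ certbot_credential_path }}"
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the string "0700" and does its own
    # octal conversion, rather than depending on how the YAML parser
    # treats a bare leading-zero number.
    mode: "0700"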
# Run issue.yaml once per entry in certbot_certificates. No loop_control
# is set, so each entry is available to the included tasks as "item".
- name: request certificates
  loop: "{{ certbot_certificates }}"
  ansible.builtin.include_tasks:
    file: issue.yaml
# Pull in the tasks from configure-linode.yaml. There is no "when"
# condition here, so they are included on every run of the role.
- name: include linode tasks
  ansible.builtin.include_tasks:
    file: configure-linode.yaml
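# Render the certbot.service unit from its template. A change notifies
# the "systemd daemon-reload" handler so systemd re-reads unit files.
- name: configure renewal service
  ansible.builtin.template:
    src: certbot.service.j2
    dest: /etc/systemd/system/certbot.service
    owner: root
    group: root
    # Quoted so the module receives the string "0644" and does its own
    # octal conversion. The unit is writable by root only.
    mode: "0644"
  notify: systemd daemon-reload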
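# Render the certbot.timer unit from its template. A change notifies
# the "systemd daemon-reload" handler so systemd re-reads unit files.
- name: configure renewal timer
  ansible.builtin.template:
    src: certbot.timer.j2
    dest: /etc/systemd/system/certbot.timer
    owner: root
    group: root
    # Quoted so the module receives the string "0644" and does its own
    # octal conversion. The unit is writable by root only.
    mode: "0644"
  notify: systemd daemon-reload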
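# Enable/disable and start/stop the renewal timer according to the
# certbot_timer_* role variables.
- name: manage timer
  ansible.builtin.systemd:
    name: "{{ certbot_timer_name }}"
    # The unit templates above only *notify* the daemon-reload handler,
    # and handlers normally run after the remaining tasks. Reloading
    # here makes systemd read the freshly written service and timer
    # definitions before the timer is enabled or started, so renewals
    # are not scheduled from a stale unit.
    daemon_reload: true
    enabled: "{{ certbot_timer_enabled }}"
    state: "{{ certbot_timer_state }}"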