---
- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - certbot
      - virtualenv
    state: present

- name: Install certbot-dns-infomaniak authenticator
  become: true
  ansible.builtin.pip:
    name: certbot-dns-infomaniak
    state: present
    virtualenv: /etc/letsencrypt/certbot_dns_infomaniak_venv


- name: Copy authenticator credentials file
  become: true
  ansible.builtin.copy:
    dest: /etc/letsencrypt/infomaniak_credentials.ini
    content: "dns_infomaniak_token = {{ infomaniak_api_token }}"
    mode: 0600
    owner: root
    group: root

- name: Perform dns-01 challenge
  become: true
  ansible.builtin.command:
    argv:
      - /etc/letsencrypt/certbot_dns_infomaniak_venv/bin/certbot
      - certonly
      - -n
      - --authenticator
      - dns-infomaniak
      - --dns-infomaniak-credentials
      - /etc/letsencrypt/infomaniak_credentials.ini
      - --server
      - https://acme-v02.api.letsencrypt.org/directory
      - --rsa-key-size
      - 4096
      - -d
      - "{{ domain }}"
      - -m
      - "{{ server_admin }}"
      - --agree-tos
    creates: "/etc/letsencrypt/live/{{ domain }}"

- name: Create directory for certbot.service override
  become: true
  ansible.builtin.file:
    path: /etc/systemd/system/certbot.service.d
    state: directory
    owner: root
    group: root
    mode: 0755

- name: Create override for certbot.service
  become: true
  ansible.builtin.copy:
    src: certbot.service.d/use_venv.conf
    dest: /etc/systemd/system/certbot.service.d/use_venv.conf
    owner: root
    group: root
    mode: 0644
  notify: Reload systemd daemon

- name: Make sure systemd daemon is reloaded
  ansible.builtin.meta: flush_handlers