---
- name: Include vault variables
  ansible.builtin.include_vars: vault.yml

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - certbot
      - virtualenv
    state: present

- name: Install certbot-dns-infomaniak authenticator
  become: true
  ansible.builtin.pip:
    name: certbot-dns-infomaniak
    state: present
    virtualenv: /etc/letsencrypt/certbot_dns_infomaniak_venv


- name: Copy authenticator credentials file
  become: true
  ansible.builtin.copy:
    dest: /etc/letsencrypt/infomaniak_credentials.ini
    content: "dns_infomaniak_token = {{ infomaniak_api_token }}"
    mode: 0600
    owner: root
    group: root

- name: Perform dns-01 challenge
  become: true
  ansible.builtin.command:
    argv:
      - /etc/letsencrypt/certbot_dns_infomaniak_venv/bin/certbot
      - certonly
      - -n
      - --authenticator
      - dns-infomaniak
      - --dns-infomaniak-credentials
      - /etc/letsencrypt/infomaniak_credentials.ini
      - --server
      - https://acme-v02.api.letsencrypt.org/directory
      - --rsa-key-size
      - 4096
      - -d
      - "{{ domain }}"
      - -m
      - "{{ server_admin }}"
      - --agree-tos
    creates: "/etc/letsencrypt/live/{{ domain }}"