---
- name: Install certbot
  become: true
  apt:
    name: certbot
    state: present
    update_cache: yes

- name: Create acme directory
  become: true
  file:
    path: /var/www/acme
    state: directory
    mode: 0755

- name: Copy acme apache conf
  become: true
  copy:
    src: acme.conf
    dest: /etc/apache2/conf-available/acme.conf

- name: Enable modules
  become: true
  apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - rewrite
    - ssl
  notify: Reload apache2 service

- name: Enable acme apache conf
  become: true
  command: a2enconf acme
  register: result
  changed_when: "'already enabled' not in result.stdout"
  notify: Reload apache2 service

- name: Allow certbot renewal
  become: true
  copy:
    src: http-certbot.conf
    dest: /etc/nftables/input.d/http-certbot.conf
  notify: Reload nftables service