---

- name: Create user acme
  user:
    name: acme
    shell: /bin/bash
    state: present

- name: Clone ACME.sh repository
  become: yes
  become_user: acme
  git:
    repo: https://github.com/Neilpang/acme.sh.git
    dest: /home/acme/acme.sh
    update: no

- name: Prepare webroot directory
  file:
    path: /home/acme/webroot/.well-known
    state: directory
    owner: acme
    group: acme
    mode: 0755

- name: Install ACME.sh
  become: yes
  become_user: acme
  command: ./acme.sh --install
  args:
    chdir: /home/acme/acme.sh
    creates: /home/acme/.acme.sh

- name: Deploy sudoers file for acme
  template:
    src: acme.j2
    dest: /etc/sudoers.d/acme
    owner: root
    group: root
    mode: 0440
    validate: visudo -c -f %s

- name: Issue certificates
  become: yes
  become_user: acme
  command: '.acme.sh/acme.sh --issue -d {{ item.name | mandatory }}{% if item.alt is defined %} -d{% endif %} {{ item.alt | default([]) | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ item.reloadcmd | default(acme_reload_cmd) }}"'
  args:
    chdir: /home/acme
    creates: "/home/acme/.acme.sh/{{ item.name | mandatory }}/{{ item.name }}.cer"
  with_items:
  - "{{ acme_issue_certs }}"