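---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# Installs the dehydrated ACME client and lays out its configuration, state
# directories, hook script and systemd timer. The etckeeper.inc includes
# bracket the package install and the local edits; what those task files do is
# defined in that role, not here.
#
# None of the copy/file/template tasks below sets owner or group, so ownership
# follows the account the play runs as.
# File modes are quoted so they reach the modules as octal strings, whatever
# the YAML loader would make of a bare number.

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: ACME
### ⇐ UPSTREAM BEGIN ###

# NOTE(review): dehydrated-git is an AUR package that tracks the upstream
# development branch, so each build can pull different, unpinned code. Review
# the PKGBUILD before rebuilding, or use a release package if one is available.
# aur_user is presumably the account the aur.inc role builds as; confirm in
# that role.
- name: install dehydrated (Let’s Encrypt)
  include_role:
    name: aur.inc
    allow_duplicates: true
  vars:
    packages:
      - dehydrated-git
    aur_user: git

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: ACME
### ⇐ UPSTREAM END ###

# The list of names to request certificates for comes straight from the
# acme_domains variable; keep that variable under the same change control as
# DNS, since it decides which names this host asks the CA to certify.
- name: set Let’s Encrypt domains
  copy:
    content: |
      {{acme_domains}}
    dest: /etc/dehydrated/domains.txt
    mode: '0644'

# 0711: other users may traverse into known sub-paths but cannot list the
# directory.
- name: create Let’s Encrypt top directory
  file:
    path: /var/lib/acme
    state: directory
    mode: '0711'

# 0700: owner only. Presumably holds the ACME account key material (the actual
# path is set in the config template, which is not visible here).
- name: create Let’s Encrypt accounts directory
  file:
    path: /var/lib/acme/accounts
    state: directory
    mode: '0700'

# NOTE(review): 0755 makes this directory listable and readable by every local
# user. If dehydrated writes certificate private keys next to the certificates
# here, their confidentiality rests entirely on the per-file modes it applies.
# Confirm those, or tighten the directory and grant access per service.
- name: create Let’s Encrypt certs directory
  file:
    path: /var/lib/acme/certs
    state: directory
    mode: '0755'

# 0600: the rendered config is readable by the owner only.
- name: set dehydrated settings
  template:
    src: templates/dehydrated.config.j2
    dest: /etc/dehydrated/config
    mode: '0600'

# 0700: the hook is executable by the owner only. It runs with whatever
# privileges dehydrated itself has, so treat the template and the variables it
# interpolates as privileged code.
- name: set dehydrated hooks
  template:
    src: templates/hook.sh.j2
    dest: "/etc/dehydrated/{{nickname}}-hook.sh"
    mode: '0700'

- name: create dehydrated timer
  copy:
    src: files/dehydrated.timer
    dest: /etc/systemd/system/dehydrated.timer
    mode: '0644'
  notify:
    - restart dehydrated.service

# NOTE(review): this enables the timer but sets no `state`, so nothing in this
# task starts it. Renewals depend on the timer actually running; confirm it is
# started elsewhere or at next boot.
- name: enable dehydrated
  systemd:
    daemon_reload: true
    name: dehydrated.timer
    enabled: true

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: ACME
### ⇐ LOCAL COMMIT ###

# Run any notified handlers now rather than at the end of the play.
- meta: flush_handlers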