---
# This just installs acme.sh for freifunk
- name: Check if acme.sh config files exists
  ansible.builtin.stat:
    path: "/root/.acme.sh"
    get_checksum: false
  become: true
  register: acme_config
- name: Download acme.sh
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"
    dest: "/opt/downloaded_acme.sh"
    force: true
    mode: '755'
    owner: root
    group: root
  become: true
  become_method: sudo
  register: download_acme
  when: acme_config.stat.exists == false
- name: Install socat (required for acme.sh)
  ansible.builtin.apt:
    name: socat
    state: present
  become: true
- name: Copy downloaded_acme.sh for installation (temporary file) # the script copies ./acme.sh
  ansible.builtin.copy:
    remote_src: true
    src: "/opt/downloaded_acme.sh"
    dest: "/opt/acme.sh"
    mode: '755'
    owner: root
    group: root
  become: true
  when: download_acme.changed and acme_config.stat.exists == false
- name: Install acme.sh
  ansible.builtin.command:
    cmd: "/bin/bash /opt/downloaded_acme.sh --install --nocron -m freifunk@c3l.lu"
    chdir: "/opt" # Required because of script copying ./acme.sh
  become: true
  become_method: sudo
  when: download_acme.changed and acme_config.stat.exists == false
- name: Delete temporary acme.sh file
  ansible.builtin.file:
    path: "/opt/acme.sh"
    state: absent
  become: true
  when: download_acme.changed and acme_config.stat.exists == false
- name: Update acme.sh if not newly installed
  ansible.builtin.command:
    cmd: "/bin/bash /root/.acme.sh/acme.sh --upgrade"
  become: true
  when: acme_config.stat.exists
- name: Add cronjob for acme.sh
  ansible.builtin.cron:
    name: "reissue certs if necessary"
    user: root
    job: "/root/.acme.sh/acme.sh --cron --home \"/root/.acme.sh/\" > /dev/null"
    state: "present"
    minute: "0"
    hour: "0"
    day: "*"
    month: "*"
    weekday: "*"
  become: true