- name: Letsencrypt
  hosts: beepi
  become: true
  tasks:
    - name: Install Certbot
      ansible.builtin.apt:
        name: python3-certbot-nginx
        state: present

    - name: Request root certificates
      changed_when: true
      ansible.builtin.command: "certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains {{ item }}"
      loop:
        - secretbee.buzz
        - git.secretbee.buzz
        - grafana.secretbee.buzz
        - mail.secretbee.buzz
        - matrix.secretbee.buzz
        - gallery.secretbee.buzz
        - ott.secretbee.buzz

    - name: Change permission on live
      ansible.builtin.file:
        path: /etc/letsencrypt/live/
        mode: '0711'

    - name: Change permission on archive
      ansible.builtin.file:
        path: /etc/letsencrypt/archive/
        mode: '0711'