- name: Letsencrypt
  hosts: pi
  become: true
  tasks:
    - name: Install Certbot
      ansible.builtin.apt:
        name: python3-certbot-nginx
        state: present

    - name: Request root certificates
      changed_when: true
      ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains secretbee.buzz

    - name: Request root certificates
      changed_when: true
      ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains lounge.secretbee.buzz

    - name: Request irc certificates
      changed_when: true
      ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains irc.secretbee.buzz

    - name: Request git certificates
      changed_when: true
      ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains git.secretbee.buzz

    - name: Request grafana certificates
      changed_when: true
      ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains grafana.secretbee.buzz

    - name: Add post hook script
      ansible.builtin.copy:
        src: irc-post-hook.sh
        dest: /opt/irc-post-hook.sh
        owner: root
        group: root
        mode: '0755'

    - name: Renew for post hook
      changed_when: true
      ansible.builtin.command: certbot renew --cert-name irc.secretbee.buzz --deploy-hook /opt/irc-post-hook.sh --force-renewal

    - name: Change permission on live
      ansible.builtin.file:
        path: /etc/letsencrypt/live/
        mode: '0755'
    - name: Change permission on live
      ansible.builtin.file:
        path: /etc/letsencrypt/archive/
        mode: '0755'