---
- name: Install acme.sh
  community.general.pacman:
    name: acme.sh
    state: present

- name: Isntall acme.sh cron
  cmd:
    chdir: /usr/bin/
    cmd: ./acme.sh --install

- name: Generate certificates
  command:
    cmd: >
      acme.sh --issue -d {{ acme_domains | join(" -d ") }}
      -w /var/lib/letsencrypt/webroot
    creates: /root/.acme.sh/{{ acme_domains[0] }}

- name: Install certificates
  command:
    cmd: >
      acme.sh --install-cert -d "{{ acme_domains[0] }}"
      --fullchain-file "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
      --key-file "{{ acme_dest }}/{{ acme_domains[0] }}.key"
      --reloadcmd "{{ acme_reload_cmd }}"
    creates:
      - "{{ acme_dest }}/{{ acme_domains[0] }}.key"
      - "{{ acme_dest }}/{{ acme_domains[0] }}.crt"

- name: Ensure cert permissions
  file:
    path: "{{ item }}"
    state: file
    owner: "{{ acme_owner }}"
    group: "{{ acme_owner }}"
    mode: 0600
  loop:
      - "{{ acme_dest }}/{{ acme_domains[0] }}.key"
      - "{{ acme_dest }}/{{ acme_domains[0] }}.crt"