- name: load os-specific values
  include_vars: '{{ item }}'
  with_first_found:
  - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
  - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
  - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
  - '{{ ansible_distribution }}.yml'
  - '{{ ansible_os_family }}.yml'
  - defaults.yml
  tags:
  - always

- name: ensure lego is installed
  package:
    name:
    - acl  # required for `become_user: lego`
    - '{{ lego_package }}'
    state: present
  tags:
  - install

- name: ensure lego group exists
  group:
    name: lego
    system: true
  tags:
  - user
  - group
- name: ensure lego user exists
  user:
    name: lego
    group: lego
    system: true
    home: /var/lib/lego
    createhome: true
    shell: /bin/false
  tags:
  - user

- name: ensure lego-renew systemd units are installed
  copy:
    src: '{{ item }}'
    dest: /etc/systemd/system/
    owner: root
    group: root
    mode: u=rw,go=r
  loop:
  - lego-renew.service
  - lego-renew.timer
  notify:
  - reload systemd
  tags:
  - systemd

- name: ensure lego-renew systemd timer is enabled
  systemd:
    name: lego-renew.timer
    enabled: true
  tags:
  - service
- name: ensure lego-renew systemd timer is running
  systemd:
    name: lego-renew.timer
    state: started
  tags:
  - service