---

- name: generate acme-client configuration
  ansible.builtin.template:
    src: acme-client.conf.j2
    dest: "{{ acme__configuration_file }}"
    owner: 0
    group: 0
    mode: "0644"

- name: retrieve enabled domains
  ansible.builtin.shell: |
    set -o pipefail
    grep "^domain" {{ acme__configuration_file }} | cut -d " " -f 2
  register: acme__result_subdomains
  changed_when: false

- name: generate acme certificates
  ansible.builtin.command: acme-client -v {{ item }}
  loop: "{{ acme__result_subdomains.stdout_lines }}"
  register: acme__result_generation
  failed_when: acme__result_generation.rc == 1
  changed_when: acme__result_generation.rc != 2

- name: display registered certificates
  ansible.builtin.debug:
    msg: "{{ acme__result_generation.results | map(attribute='stderr')
      | join('\n') }}"

- name: enable automatic acme certificates update
  ansible.builtin.cron:
    name: "automatic acme certificates update for subdomain : {{ item }}"
    minute: 0
    hour: 6,18
    job: "acme-client -v {{ item }} && rcctl reload relayd"
  loop: "{{ acme__result_subdomains.stdout_lines }}"

- name: restart relayd
  ansible.builtin.service:
    name: relayd
    state: restarted
  when: acme__result_generation.changed