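---
# Installs the lego ACME client from its GitHub release archive, performs the
# first registration / certificate request, and installs the systemd units
# that are rendered from lego.service.j2 and lego.timer.j2.
#
# Variables read by these tasks: vault_github_token, deb_architecture,
# lego_install_dir, lego_config_dir, certificate_domains, lego_cli_params,
# lego_provider, vault_ionos_token_dns.
# Optional variable introduced here: lego_archive_checksum.

# Looked up once on the controller (delegate_to: localhost + run_once), so
# every host in the play installs the same tag.
# NOTE(review): the version is not pinned; whatever upstream publishes as the
# latest release is what the following tasks download and install.
- name: Get latest lego version
  github_release:
    user: go-acme
    repo: lego
    action: latest_release
    token: "{{ vault_github_token }}"
  delegate_to: localhost
  run_once: true
  register: lego_version

# The archive is fetched over HTTPS. Its content is only verified when
# lego_archive_checksum is set, e.g. "sha256:<hex digest from the release
# checksum file>"; when the variable is undefined the parameter is omitted
# and the task behaves as it did without it.
- name: Download lego {{ lego_version.tag }} from GitHub
  get_url:
    url: "https://github.com/go-acme/lego/releases/download/\
      {{ lego_version.tag }}/lego_{{ lego_version.tag }}\
      _linux_{{ deb_architecture }}.tar.gz"
    dest: "/tmp/lego_{{ lego_version.tag }}_linux_{{ deb_architecture }}.tar.gz"
    checksum: "{{ lego_archive_checksum | default(omit) }}"
  register: _download_archive
  until: _download_archive is succeeded
  retries: 3
  delay: 5

# NOTE(review): the staging paths under /tmp are predictable, and /tmp is
# normally writable by every local account. Because of `creates`, extraction
# is skipped whenever the target directory already exists, and the Copy task
# below installs whatever `lego` file that directory holds. A staging
# directory writable only by the deploying user would remove that exposure.
- name: unpack lego binaries
  unarchive:
    src: "/tmp/lego_{{ lego_version.tag }}_linux_{{ deb_architecture }}.tar.gz"
    dest: "/tmp"
    creates: "/tmp/lego_{{ lego_version.tag }}_linux_{{ deb_architecture }}"
    remote_src: true
    extra_opts:
      - --one-top-level

# File modes are quoted so they reach the module as octal strings rather
# than relying on the YAML parser's integer handling.
- name: Copy lego
  copy:
    src: "/tmp/lego_{{ lego_version.tag }}_linux_{{ deb_architecture }}/lego"
    dest: "{{ lego_install_dir }}/lego"
    remote_src: true
    mode: "0755"

# NOTE(review): the directory is created 0755; the `accounts` path checked
# below lives under it. Confirm whether lego's own file permissions are
# enough for the account material, or tighten this mode.
- name: Create lego config directory
  file:
    path: "{{ lego_config_dir }}"
    mode: "0755"
    state: directory

# Presence of the accounts directory is used as the "already registered"
# marker for the next task.
- name: Check lego registration
  stat:
    path: "{{ lego_config_dir }}/accounts"
  register: account_dir

# Runs only when no accounts directory exists yet. The DNS provider API key
# is handed over through the process environment (variable name built from
# lego_provider), not on the command line.
# NOTE(review): certificate_domains and lego_cli_params are interpolated into
# the command line as-is; they should only come from trusted inventory.
- name: Register lego and create cert
  command: |
    {{ lego_install_dir }}/lego
    --accept-tos
    {% for dns in certificate_domains %}
    --domains="{{ dns }}"
    {% endfor %}
    {{ lego_cli_params|join(' ') }}
    run
  environment: '{ "{{ lego_provider|upper }}_API_KEY": "{{ vault_ionos_token_dns }}" }'
  when: not account_dir.stat.exists

# Unit files are world-readable (0644), so the templates should not embed
# secrets directly.
- name: Copy lego systemd service
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    mode: "0644"
  loop: [lego.service, lego.timer]
  notify: [restart lego_service, restart lego_timer]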