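# Obtain a Let's Encrypt certificate with certbot (standalone mode) and serve
# it from haproxy, which needs certificate chain and private key in one file.

- name: "add certbot apt repo"
  apt_repository:
    repo: "deb http://deb.debian.org/debian stretch-backports main"

- name: "install certbot"
  apt:
    name: certbot
    default_release: stretch-backports

# The script is installed as haproxy-pem rather than haproxy.pem: Debian's
# run-parts skips file names containing a dot, so a cron.daily entry with a
# dotted name is never executed by cron.
# The mode is quoted so that it is always read as an octal permission string.
- name: "install daily cron job to create haproxy.pem"
  copy:
    content: |
      #!/bin/sh
      set -eu
      # The combined file contains the private key: create it readable by
      # root only, and replace the old file atomically so that a previously
      # world-readable haproxy.pem does not keep its old permissions.
      umask 077
      cd /etc/letsencrypt/live/haproxy
      tmp=$(mktemp /etc/ssl/haproxy.pem.XXXXXX)
      trap 'rm -f "$tmp"' EXIT
      cat fullchain.pem privkey.pem > "$tmp"
      mv "$tmp" /etc/ssl/haproxy.pem
      systemctl restart haproxy
    dest: /etc/cron.daily/haproxy-pem
    owner: root
    group: root
    mode: "0755"

# certbot needs port 80 for the standalone challenge, so apache2 and haproxy
# are stopped around the request. --keep leaves an existing certificate alone
# until it is due for renewal, so re-running the play is cheap.
# letsencrypt_email and haproxy_domain are interpolated into a shell command;
# keep them to trusted inventory values.
# NOTE(review): the last line runs the cron script, which restarts haproxy,
# but the haproxy package is only installed by a later task. Confirm haproxy
# is already present on a first run, otherwise `set -eu` fails this task.
- name: "run certbot"
  shell: |
    set -eu
    certbot certonly \
      --standalone \
      --noninteractive \
      --email "{{ letsencrypt_email }}" \
      --agree-tos \
      --expand \
      --cert-name haproxy \
      --keep \
      --pre-hook "systemctl stop apache2 haproxy" \
      --post-hook "systemctl start apache2 haproxy" \
      -d "{{ haproxy_domain }}"
    /etc/cron.daily/haproxy-pem

- name: install haproxy
  apt:
    name: haproxy

- name: "install haproxy config"
  copy:
    src: haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg

# state: restarted restarts haproxy on every run so the new config is loaded.
- name: enable and start haproxy
  service:
    state: restarted
    enabled: true
    name: haproxy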