- name: Install snapd
  become: true
  ansible.builtin.apt:
    install_recommends: false
    name: snapd

- name: Install Certbot
  become: true
  community.general.snap:
    classic: true
    name: certbot

- name: Confirm plugin containment level
  become: true
  ansible.builtin.command: snap set certbot trust-plugin-with-root=ok

- name: Install Certbot DigitalOcean plugin
  become: true
  community.general.snap:
    name: certbot-dns-digitalocean

- name: Create Certbot symlink in /usr/bin
  become: true
  ansible.builtin.file:
    src: /snap/bin/certbot
    dest: /usr/bin/certbot
    state: link

- name: Configure Certbot DigitalOcean plugin
  become: true
  block:
    - name: Prompt for token
      ansible.builtin.pause:
        prompt: |
          Enter your API token:
        echo: false
      register: digitalocean_token
      when:
        - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0

    - name: Set the token as a fact
      ansible.builtin.set_fact:
        digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"

    - name: Fail if the token is invalid
      ansible.builtin.fail:
        msg: 'DigitalOcean token is invalid'
      when: digitalocean_token | length == 0

    - name: Configure certbot.ini
      ansible.builtin.template:
        src: certbot.ini
        dest: '{{ certbot_ini }}'
        owner: root
        group: root
        mode: '600'

- name: Create /etc/letsencrypt
  become: true
  ansible.builtin.command: certbot certificates
  args:
    creates: /etc/letsencrypt

- name: Update certificates
  ansible.builtin.include_tasks: domain.yml
  loop: '{{ letsencrypt_domains }}'