---
- name: Assert all secrets have been configured.
  ansible.builtin.assert:
    that:
      - NAMECHEAP_API_USER != ''
      - NAMECHEAP_API_KEY != ''
    fail_msg: "FAILED: Secrets have not been configured."
  no_log: true

- name: Set up the ACME system user and group.
  import_tasks: setup-user.yml
  become: true

- name: Run lego looped task to order or renew certificates for all ACME domains.
  include_tasks:
    file: lego.yml
    apply:
      become: false
  loop: "{{ acme_domains }}"
  loop_control:
    loop_var: acme_domain
  tags: lego

- name: Loop through the domain list (again) to copy certs and configure nginx for each ACME domain
  include_tasks:
    file: certificates.yml
    apply:
      become: true
  loop: "{{ acme_domains }}"
  loop_control:
    loop_var: acme_domain
  tags: nginx

- import_tasks: dhparams.yml
  become: true
  tags: dhparams