---
- name: Assert secrets have been configured.
  ansible.builtin.assert:
    that:
      - acme_domains is defined
      - acme_email is defined
      - acme_email != ''
    fail_msg: "FAILED: No ACME variables have been configured for this host."
# no_log: true

- name: Set up the ACME system user and group.
  import_tasks: setup-user.yml
  become: true

- name: Run lego looped task to order or renew certificates for all ACME domains.
  include_tasks:
    file: lego.yml
    apply:
      become: false
      tags: lego
  loop: "{{ acme_domains }}"
  loop_control:
    loop_var: acme_domain
  tags: lego
  notify: reload nginx

- name: Loop through the domain list (again) to copy certs and configure nginx for each ACME domain
  include_tasks:
    file: certificates.yml
    apply:
      become: true
  loop: "{{ acme_domains }}"
  loop_control:
    loop_var: acme_domain
  tags: nginx
  when: ansible_os_family != 'RedHat'

- name: (RedHat) Loop through the domain list (again) to copy certs and configure nginx for each ACME domain
  include_tasks:
    file: certificates-RedHat.yml
    apply:
      become: true
  loop: "{{ acme_domains }}"
  loop_control:
    loop_var: acme_domain
  tags: nginx
  when: ansible_os_family == 'RedHat'

- import_tasks: dhparams.yml
  become: true
  tags: dhparams