- name: set acme_dns_cfg
  set_fact:
    acme_dns_cfg: "{{ acme_dns_default_config | d({}) |
      combine(acme_dns_config | d({}), recursive=true) }}"


- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - libcap


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
      dir: "{{ acme_dns_dir }}"


- name: get and extract latest version of acme-dns
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: fritterhoff/acme-dns
      location: github
      assets: yes
      asset_filter: 'Linux_amd64.tar.gz$'
      file: "{{ (acme_dns_dir, 'last_version') | path_join }}"
      extract: "{{ acme_dns_dir }}"
      user: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
      notify: restart acme-dns


- name: delete unnecessary files
  file:
    path: "{{ (acme_dns_dir, item) | path_join }}"
    state: absent
  loop:
    - CHANGELOG.md
    - LICENSE
    - README.md


- name: template acme-dns config
  template:
    src: config.j2
    dest: "{{ (acme_dns_dir, 'config.cfg') | path_join }}"
    force: yes
    mode: 0400
    owner: "{{ acme_dns_user }}"
    group: "{{ acme_dns_group }}"
    lstrip_blocks: yes
  notify: restart acme-dns


- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/acme-dns
    force: yes
    mode: "+x"
  notify: restart acme-dns
  when: ansible_distribution == 'Alpine'


- name: ensure acme-dns binary has executable bit set
  file:
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
    mode: "+x"


- name: add cap_net_bind_service to acme-dns executable
  community.general.capabilities:
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
    capability: cap_net_bind_service+ep
  changed_when: no


- name: flush handlers
  meta: flush_handlers


- name: add reverse proxy config
  include_role:
    name: rproxy
    tasks_from: add.yml
  vars:
    rproxy_config:
      port: "{{ acme_dns_api_port }}"
      acme:
        server: "http://127.0.0.1:{{ acme_dns_api_port }}"
      nginx: rproxy_nginx.j2
      caddy_reverse_proxy_handlers:
        - handler: reverse_proxy
          upstreams:
            - dial: "127.0.0.1:{{ acme_dns_api_port }}"


- name: add directories to backup plan
  include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ acme_dns_dir }}"


- name: enable and start acme-dns
  service:
    name: acme-dns
    state: started
    enabled: yes