---
- name: Copy shell script to enable tls sites
  become: true
  ansible.builtin.copy:
    src: 'files/acmetool/enable_tls.sh'
    dest: '/etc/acme/hooks/enable_tls.sh'
    owner: root
    group: root
    mode: 'u=rx,g=r,o='

- name: Get certificate for default server
  become: true
  ansible.builtin.command:
    cmd: "acmetool want '{{ inventory_hostname }}'"
  args:
    creates: '/var/lib/acme/live/{{ inventory_hostname }}'

- name: Get certificates for all configured sites
  become: true
  ansible.builtin.command:
    cmd: acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}' -> acmetool want '{{ ([site.name] + (site.altnames | default([]))) | join(" ") }}'
  args:
    creates: '/var/lib/acme/live/{{ site.name }}/'
  with_items: '{{ nginx_sites }}'
  loop_control:
    loop_var: site