---
- name: Create SCE certbot directories
  ansible.builtin.file:
    dest: /etc/sce-certbot
    state: directory
    mode: "0750"

- name: Install script to move the TLS certificates to root
  ansible.builtin.template:
    src: move-certificate-files-to-root.j2
    dest: /usr/local/bin/move-certificate-files-to-root
    mode: "0740"

- name: Install script to extract the certificate files from the Podman volume
  ansible.builtin.template:
    src: extract-certificate-files.j2
    dest: /usr/local/bin/extract-certificate-files
    mode: "0755"

- name: Allow podman user to execute the move command
  community.general.sudoers:
    name: allow-podman-move-certificates
    user: podman
    state: present
    commands:
      - /usr/local/bin/move-certificate-files-to-root
    nopassword: true

- name: Configure Certbot service
  ansible.builtin.import_tasks: machinectl.yml
  become_method: community.general.machinectl
  become_user: podman
  become: true