---
# Sets up a certbot container under podman, generates its systemd unit into the
# user unit directory, and enables a user-scope timer for certificate renewal.

# certbot-etc is mounted at /etc/letsencrypt in the container below, which is
# where certbot keeps account and certificate private keys; treat that volume
# as secret material.
- name: Create Certbot volumes
  loop:
    - certbot-etc
    - certbot-var-lib
  containers.podman.podman_volume:
    state: present
    name: "{{ item }}"

- name: Create LetsEncrypt container
  containers.podman.podman_container:
    name: certbot
    state: present
    # NOTE(review): the image reference has no tag or digest, so the registry's
    # default tag is what gets pulled. Pinning a reviewed tag or digest would
    # make the renewal job reproducible and auditable.
    image: docker.io/certbot/certbot
    # Folded scalar: the lines below are joined with single spaces into one
    # argument string.
    # NOTE(review): both variables are interpolated directly into that string;
    # confirm they come from trusted inventory and contain no whitespace,
    # otherwise the extra words would presumably reach certbot as arguments.
    command: >-
      certonly -n --standalone
      --domains {{ podman_certbot_domains }}
      --expand --agree-tos
      --email {{ podman_certbot_email }}
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var-lib:/var/lib/letsencrypt
    # --standalone means certbot answers the validation request itself, so this
    # mapping has to route the challenge port to the container. The mapping is
    # defined outside this file; presumably it publishes only that one port.
    ports:
      - "{{ podman_certbot_port_mapping }}"
    generate_systemd:
      path: ~/.config/systemd/user
      # If validation fails a number of times in a pre-defined window, we will
      # get rate-limited by LetsEncrypt. Setting this option will prevent us
      # from angering the rate-limiter.
      #
      # Also, search for the YAML norway problem, lol, these quotations are
      # necessary: a bare no would be parsed as the boolean false instead of
      # the string the option expects. YAML is insane.
      restart_policy: "no"
  notify: Reload user systemd daemon

- name: Install systemd files for certbot certificate renewal
  vars:
    filename: container-certbot.timer
  ansible.builtin.template:
    src: "{{ filename }}.j2"
    dest: "~/.config/systemd/user/{{ filename }}"
    # Quoted so the mode stays a string instead of being read as a number.
    mode: "0640"
  notify: Reload user systemd daemon

# Must be placed here to ensure proper ordering of events: the notified daemon
# reload has to run before the timer unit is enabled and started below.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Ensure certbot timer unit is enabled and started
  ansible.builtin.systemd_service:
    name: container-certbot.timer
    scope: user
    enabled: true
    state: started