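---
# TLS material for nginx: a Diffie-Hellman parameter file plus one
# Let's Encrypt certificate per server name (CI server and parts server).
#
# Both command tasks use the `argv` list form instead of a free-form string.
# Each templated value ({{ ssl_email }}, {{ item }}) is then passed to the
# program as exactly one argument, so a value containing whitespace cannot be
# re-split into additional command-line options.

# Record whether the DH parameter file already exists; the result is consumed
# by the `when` condition of the next task.
- name: stat dhparam
  become: true
  ansible.builtin.stat:
    path: /etc/ssl/certs/dhparam.pem
  register: dhparam
  tags: ssl

# Generate 2048-bit DH parameters once. `creates` keeps the task idempotent
# even when it is run without the preceding stat (e.g. via --start-at-task).
# NOTE(review): 2048 bits is the usual minimum for finite-field DH; confirm
# it matches the TLS policy of the nginx configuration that loads this file.
- name: generate openssl dhparam for nginx
  become: true
  ansible.builtin.command:
    argv:
      - openssl
      - dhparam
      - '-out'
      - /etc/ssl/certs/dhparam.pem
      - '2048'
    creates: /etc/ssl/certs/dhparam.pem
  when: not dhparam.stat.exists
  tags: ssl

# Request one certificate per hostname using the webroot challenge.
# - `--non-interactive` makes certbot fail instead of waiting on a prompt,
#   since there is no operator attached to an Ansible run.
# - `creates` keys on the live/<hostname> directory, so this task covers
#   first issuance only; renewal is not handled by the tasks shown here.
# NOTE(review): assumes nginx already serves the ACME challenge path from
# /srv/http/letsencrypt for both hostnames -- confirm in the nginx config.
- name: create ssl certificate for ci server
  become: true
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - '--non-interactive'
      - '--webroot'
      - '--webroot-path=/srv/http/letsencrypt'
      - '-m'
      - "{{ ssl_email }}"
      - '--agree-tos'
      - '-d'
      - "{{ item }}"
    creates: "/etc/letsencrypt/live/{{ item }}"
  loop:
    - "{{ ci_server_name }}"
    - "{{ parts_server_name }}"
  tags: ssl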