---
- name: create ssl certificate for ci server
  become: true
  ansible.builtin.command: |
    certbot certonly --webroot --webroot-path=/srv/http/letsencrypt \
    -m {{ ssl_email }} --agree-tos \
    -d {{ item }}
  args:
    creates: "/etc/letsencrypt/live/{{ item }}"
  loop:
    - "{{ bookstack_server_name }}"
    - "{{ ci_server_name }}"
    - "{{ cloud_server_name }}"
    - "{{ cloud_skudak_server_name }}"
    - "{{ fulfillr_server_name }}"
    - "{{ parts_server_name }}"
    - "{{ photos_server_name }}"
  tags: ssl

- name: set group ownership for /etc/letsencrypt/
  become: true
  ansible.builtin.file:
    path: /etc/letsencrypt
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    recurse: true
  tags: ssl