---

- name: certbot package is removed
  ansible.builtin.apt:
    name: certbot
    state: absent

- ansible.builtin.include_role:
    name: evolix/remount-usr

# copied and customized from https://raw.githubusercontent.com/certbot/certbot/v1.14.0/letsencrypt-auto
- name: Let's Encrypt script is present
  ansible.builtin.copy:
    src: letsencrypt-auto
    dest: /usr/local/bin/letsencrypt-auto
    mode: '0755'
    owner: root
    group: root
    force: true
  notify: install letsencrypt-auto

- name: Check certbot script
  ansible.builtin.stat:
    path: /usr/local/bin/certbot
  register: certbot_path

- name: Rename certbot script if present
  ansible.builtin.command:
    cmd: "mv /usr/local/bin/certbot /usr/local/bin/certbot.bak"
  when: certbot_path.stat.exists

- name: Let's Encrypt script is symlinked as certbot
  ansible.builtin.file:
    src: "/usr/local/bin/letsencrypt-auto"
    dest: "/usr/local/bin/certbot"
    state: link

- name: systemd artefacts are absent
  ansible.builtin.file:
    dest: "{{ item }}"
    state: absent
  loop:
    - /etc/systemd/system/certbot.service
    - /etc/systemd/system/certbot.service.d
    - /etc/systemd/system/certbot.timer
  notify: systemd daemon-reload

- name: custom crontab is present
  ansible.builtin.copy:
    src: cron_jessie
    dest: /etc/cron.d/certbot
    force: true
  when: certbot_custom_crontab | bool

- name: disable self-upgrade
  community.general.ini_file:
    dest: "/etc/letsencrypt/cli.ini"
    section: null
    option: "no-self-upgrade"
    value: "no"
    state: present