---
- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/fullchain.pem
  register: letsencrypt_cert

- name: Copy letsencrypt nginx config
  template: 
    src: mastodon.conf.j2
    dest: /etc/nginx/sites-available/mastodon.conf
  
- name: Symlink enabled site
  file:
    src: "/etc/nginx/sites-available/mastodon.conf"
    dest: "/etc/nginx/sites-enabled/mastodon.conf"
    state: link

- name: Reload nginx
  command: "systemctl reload nginx"
  when:
    - migration is not defined or migration == False

- name: Install letsencrypt cert
  command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx
  when: 
    - not letsencrypt_cert.stat.exists
    - migration == False or migration is not defined

- name: Letsencrypt Job
  cron:
    name: "letsencrypt renew"
    minute: "15"
    hour: "0"
    job: "letsencrypt renew && service nginx reload"