---
  - name: Install certbot dependencies
    apt:
      pkg: "{{item}}"
      state: present
    with_items:
      - augeas-lenses
      - ca-certificates
      - dialog
      - gcc
      - libaugeas0
      - libffi-dev
      - libpython-dev
      - libpython2.7-dev
      - libssl-dev
      - python
      - python-dev
      - python-setuptools
      - python-virtualenv
      - python2.7-dev

  - name: Get certbot
    get_url:
      url: "https://dl.eff.org/certbot-auto"
      dest: "{{certbot_dir}}"
      mode: a+x

  - name: Run certbot
    command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --apache --agree-tos --non-interactive"
    args:
      creates: /etc/letsencrypt/live/{{server_name}}/cert.pem

  - name: Enable mod_rewrite
    apache2_module:
      name: rewrite
      state: present
    sudo: true

  - name: Enable mod_ssl
    apache2_module:
      name: ssl
      state: present
    sudo: true

  - name: Create SSL Apache config
    template:
      src: project-le-ssl.conf
      dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
    sudo: true
    notify: apache restart

  - name: Symlink {{project_name}}-le-ssl.conf to sites-enabled
    file:
      src: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
      dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf
      state: link
    sudo: true
    notify: apache restart

  - name: Force redirect to https (1/3)
    lineinfile:
      dest: /etc/apache2/sites-available/{{project_name}}.conf
      line: "RewriteEngine on"
      state: present
      insertbefore: "</VirtualHost>"
    sudo: true
    notify: apache restart

  - name: Force redirect to https (2/3)
    lineinfile:
      dest: /etc/apache2/sites-available/{{project_name}}.conf
      line: "RewriteCond %{SERVER_NAME} ={{server_name}}"
      state: present
      insertbefore: "</VirtualHost>"
    sudo: true
    notify: apache restart

  - name: Force redirect to https (3/3)
    lineinfile:
      dest: /etc/apache2/sites-available/{{project_name}}.conf
      line: "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]"
      state: present
      insertbefore: "</VirtualHost>"
    sudo: true
    notify: apache restart

  - name: Setup cron job to auto renew
    cron:
      name: Auto-renew SSL
      job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade"
      minute: 30
      hour: "0,12"
      state: present