---
- name: HAPROXY -- install
  hosts: haproxy@lxd.ansol.org
  become: true
  tasks:
    - name: HAPROXY -- install needed packages
      become: true
      package:
        state: present
        name: '{{ item }}'
      with_items:
        - unattended-upgrades
        - haproxy
    - name: HAPROXY -- Generate Diffie-Hellman parameters with the default size (4096 bits)
      community.crypto.openssl_dhparam:
        path: /etc/haproxy/dhparam.pem
    - name: HAPROXY -- create ssl folder
      become: true
      file:
        path: '/etc/haproxy/ssl'
        state: directory
    - name: HAPROXY -- new cert script
      copy:
        src: 'files/ha_new_cert.sh'
        dest: '/usr/local/bin/new_certbot'
        mode: 0755
    - name: HAPROXY -- cert renew script
      become: true
      copy:
        src: 'files/ha_certbot_renew.sh'
        dest: '/etc/cron.weekly/certbot_renew.sh'
        mode: 0755
    - name: HAPROXY -- config file
      become: true
      template:
        src: files/ha_haproxy.cfg.j2
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: root
        mode: 0644
      notify:
        - reload haproxy
    - name: HAPROXY -- install certbot snap
      become: true
      snap:
        name: certbot
        classic: yes
  handlers:
    - name: reload haproxy
      service:
        name: haproxy
        state: reloaded
        enabled: yes