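---
# Certbot SSL certificate setup for Gitea tasks
#
# Flow: stop Nginx, request a certificate with certbot's standalone
# authenticator, start Nginx again, dry-run renewal, then report whether the
# certificate file is present.
#
# Variables read: ssl_email, gitea_domain
# Variables registered: gitea_certbot_result, gitea_certbot_test,
# gitea_ssl_cert

- name: Request Gitea certificate while Nginx is stopped
  block:
    - name: Stop Nginx temporarily for initial certificate request
      systemd:
        name: nginx
        state: stopped
      when: not ansible_check_mode

    - name: Obtain SSL certificate for Gitea using standalone mode
      # argv hands each templated value to certbot as exactly one argument.
      # The free-form command string would split a value containing
      # whitespace into extra arguments, letting a malformed ssl_email or
      # gitea_domain add options to the certbot invocation.
      command:
        argv:
          - certbot
          - certonly
          - --standalone
          - --non-interactive
          - --agree-tos
          - --email
          - "{{ ssl_email }}"
          - --domains
          - "{{ gitea_domain }}"
      register: gitea_certbot_result
      # NOTE(review): rc == 0 is reported as "changed" on every successful
      # run, which presumably includes runs where certbot keeps an existing
      # certificate - confirm before hanging handlers on this task.
      changed_when: gitea_certbot_result.rc == 0
      # List items are ANDed: fail only on a non-zero exit whose stderr does
      # not mention an already existing certificate.
      failed_when:
        - gitea_certbot_result.rc != 0
        - '"already exists" not in gitea_certbot_result.stderr'
      when: not ansible_check_mode

  always:
    # Runs whether or not the certbot task failed, so a failed request does
    # not leave the web server stopped. No check-mode condition here, so
    # this task still runs in check mode.
    - name: Start Nginx service
      systemd:
        name: nginx
        state: started

- name: Test certificate renewal for Gitea
  # NOTE(review): the certificate above is issued with --standalone, so
  # renewal presumably needs to bind the HTTP port as well. With Nginx
  # running again, this dry run (and real renewals) may fail unless
  # pre/post hooks or another authenticator are configured elsewhere -
  # confirm, since a silently failing renewal ends in an expired
  # certificate.
  command: certbot renew --dry-run
  register: gitea_certbot_test
  # A dry run changes nothing on the host.
  changed_when: false

- name: Display certificate renewal test result for Gitea
  debug:
    msg: "{{ gitea_certbot_test.stdout }}"

- name: Verify SSL certificate exists for Gitea
  stat:
    path: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
  register: gitea_ssl_cert

- name: Display SSL certificate status for Gitea
  debug:
    msg: "SSL certificate for {{ gitea_domain }}: {{ 'exists' if gitea_ssl_cert.stat.exists else 'not found' }}"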