---
- name: add drone http site
  template:
    src: etc/apache2/sites-available/ci_domain.conf.j2
    dest: /etc/apache2/sites-available/{{ ci_domain}}.conf
    owner: root
    group: root
    mode: 0644
    force: no
  register: drone_http
- name: disable default site and enable drone site
  block:
    - name: disable default site
      command:
        cmd: a2dissite 000-default.conf
        removes: /etc/apache2/sites-enabled/000-default.conf
    - name: enable drone site
      command:
        cmd: a2ensite {{ ci_domain }}.conf
        creates: /etc/apache2/sites-enabled/{{ ci_domain }}.conf
- name: run certbot
  command:
    cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ci_domain }}
  when: ansible_domain != 'dev' and drone_http.changed
- include: ssl-dev.yml
  when: ansible_domain == 'dev'
- name: add drone https site
  template:
    src: etc/apache2/sites-available/ci_domain-le-ssl.conf.j2
    dest: /etc/apache2/sites-available/{{ ci_domain }}-le-ssl.conf
    owner: root
    group: root
    mode: 0644
- name: enable drone https site
  command:
    cmd: a2ensite {{ ci_domain }}-le-ssl.conf
    creates: /etc/apache2/sites-enabled/{{ ci_domain }}-le-ssl.conf
  notify: restart apache