---
# Pip-in-venv install — EFF's recommended path now that certbot-auto is gone.
# https://certbot.eff.org/instructions?os=pip
# Debian-family only; RedHat goes through setup-RedHat.yml + package install.

- name: Install certbot pip prerequisites.
  ansible.builtin.apt:
    name:
      - python3
      - python3-dev
      - python3-venv
      - libaugeas-dev
      - gcc
    state: present
    update_cache: true
    cache_valid_time: 3600

- name: Install certbot in a venv via pip.
  ansible.builtin.pip:
    name: certbot
    state: "{{ 'latest' if certbot_keep_updated else 'present' }}"
    virtualenv: "{{ certbot_dir }}"
    virtualenv_command: python3 -m venv

- name: Install certbot pip plugins.
  ansible.builtin.pip:
    name: "{{ certbot_pip_extra_packages }}"
    state: "{{ 'latest' if certbot_keep_updated else 'present' }}"
    virtualenv: "{{ certbot_dir }}"
  when: certbot_pip_extra_packages | length > 0

- name: Symlink certbot binary onto PATH.
  ansible.builtin.file:
    src: "{{ certbot_dir }}/bin/certbot"
    dest: /usr/local/bin/certbot
    state: link

- name: Set Certbot script variable.
  ansible.builtin.set_fact:
    certbot_script: "{{ certbot_dir }}/bin/certbot"