---
# file: roles/haproxy/tasks/main.yml

# Marker fact showing that the haproxy role has been entered. The `always`
# tag keeps it running when the play is limited with --tags.
- name: HaProxy Role
  tags: always
  set_fact:
    role_haproxy_started: true

# Runs this role's install.yml and configure.yml unless "haproxy" is listed
# in excluded_roles. Only the configure.yml include carries the Config tag.
- when: '"haproxy" not in excluded_roles'
  block:

  - include: install.yml
  - include: configure.yml
    tags: Config

# Certificate handling for hosts where proxy_active is true, skipped when
# "letsencrypt" is listed in excluded_roles. Every task inherits the Certs tag.
- when: 'proxy_active and "letsencrypt" not in excluded_roles'
  tags: Certs
  block:

  # One run of the letsencrypt role's cert.yml per list entry, exposed to the
  # included tasks as `domain`. An undefined list is treated as empty.
  - name: Install Certs
    include: ../../letsencrypt/tasks/cert.yml
    with_items: "{{ proxy_certificates_letsencrypt|default([]) }}"
    loop_control:
      loop_var: domain

  - name: Renew Existing Cert
    include: ../../letsencrypt/tasks/renew.yml

  - name: Build HaCerts
    include: buildcerts.yml

  # Recursively changes the owner of /etc/letsencrypt to the account that
  # invoked sudo. Only the owner is changed; group and mode are untouched.
  # NOTE(review): certbot normally keeps account keys and certificate private
  # keys under this tree, so they are owned by a non-root user until the later
  # "Set directory permissions to root" task runs. A run that aborts in
  # between leaves them that way.
  # NOTE(review): presumably this lets the standby proxies pull the certs as
  # that user - confirm against pullcerts.yml and consider a narrower grant.
  # NOTE(review): ansible_env.SUDO_USER exists only if facts were gathered
  # through sudo; otherwise this task fails on an undefined variable.
  # The `when` and `tags` below repeat what the block already applies.
  - name: Set directory permissions to current user
    file:
      path: /etc/letsencrypt
      owner: "{{ ansible_env.SUDO_USER }}"
      recurse: true
    when: proxy_active
    tags: Certs

# Hosts where proxy_active is false run pullcerts.yml instead of requesting
# certificates themselves, skipped when "letsencrypt" is in excluded_roles.
# NOTE(review): how the certificates and keys are transferred is defined in
# pullcerts.yml, not visible here - confirm the transport and the file modes
# set on the receiving side.
- when: 'not proxy_active and "letsencrypt" not in excluded_roles'
  tags: Certs
  block:

  - name: Pull Certs from active Proxy
    include: pullcerts.yml

# Gives /etc/letsencrypt back to root on the active proxy, undoing the earlier
# recursive chown to the sudo user. It comes after the pull block in task
# order and uses the same condition as the certificate block.
# NOTE(review): only `owner` is set, so group and mode stay as they were.
# NOTE(review): this is a plain task, not an `always`/`rescue` section, so a
# run that stops before reaching it leaves the tree owned by the non-root
# user - verify ownership after a failed run.
- name: Set directory permissions to root
  when: 'proxy_active and "letsencrypt" not in excluded_roles'
  tags: Certs
  file:
    path: /etc/letsencrypt
    owner: root
    recurse: true