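---
# Prepares Traefik's ACME storage file, restarts Traefik, then issues one HTTPS
# request per domain so Traefik starts requesting Let's Encrypt certificates.
#
# acme.json holds the ACME account key and the private keys of every issued
# certificate. It must stay a regular file with mode 0600, readable only by
# its owner.
- name: Setup Let's Encrypt SSL Certificates via Traefik
  hosts: production
  become: false
  gather_facts: true

  vars:
    domains:
      - git.michaelschiemer.de
      - michaelschiemer.de
    # Not referenced by any task in this play; presumably consumed by the
    # Traefik configuration. Verify before removing.
    acme_email: kontakt@michaelschiemer.de

  tasks:
    # The original path read ".../de iployment/...", so this check looked at a
    # location none of the later tasks use and the directory guard could not
    # fire. It now points at the same acme.json as the rest of the play.
    - name: Check if acme.json exists and is a file
      stat:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
      register: acme_stat

    # A directory at this path usually means the container was started before
    # the file existed and the bind-mount source was auto-created.
    # `state: absent` deletes a directory recursively.
    - name: Remove acme.json if it's a directory
      file:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
        state: absent
      become: true
      when: acme_stat.stat.exists and acme_stat.stat.isdir

    # Traefik refuses an ACME storage file with permissions looser than 0600.
    # The mode is quoted so it is not parsed as an octal integer.
    # The preserve options stop `touch` from reporting a change on every run.
    - name: Ensure Traefik acme.json exists and has correct permissions
      file:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
        state: touch
        mode: '0600'
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        modification_time: preserve
        access_time: preserve
      become: true

    # failed_when is disabled so that a non-zero exit code reaches the explicit
    # "Fail if Traefik is not running" task and its message, instead of
    # aborting here with the raw command error.
    - name: Verify Traefik is running
      command: >-
        docker compose
        -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml
        ps traefik
      register: traefik_status
      changed_when: false
      failed_when: false

    - name: Fail if Traefik is not running
      fail:
        msg: "Traefik is not running. Please start it first."
      when: traefik_status.rc != 0 or "Up" not in traefik_status.stdout

    # NOTE(review): `restart` does not recreate the container. If acme.json was
    # replaced by the tasks above, confirm the existing bind mount sees the new
    # file; the container may need to be recreated instead.
    - name: Force Traefik to reload configuration
      command: >-
        docker compose
        -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml
        restart traefik
      changed_when: true

    # With only `timeout` set, wait_for simply waits for that many seconds.
    - name: Wait for Traefik to be ready
      wait_for:
        timeout: 10
      changed_when: false

    # Certificate validation is off for this request only. Before issuance
    # completes, Traefik is expected to answer with a certificate that does not
    # validate. The response is used purely as a trigger and must not be
    # trusted. Do not copy `validate_certs: false` to requests that carry
    # credentials or whose content is consumed.
    - name: Trigger certificate request by accessing each domain
      uri:
        url: "https://{{ item }}"
        method: GET
        validate_certs: false
        timeout: 5
        status_code: [200, 301, 302, 303, 404, 502, 503]
      loop: "{{ domains }}"
      register: certificate_trigger
      changed_when: false
      # Best effort: an unreachable domain must not abort the play.
      ignore_errors: true

    - name: Wait for ACME certificate generation (30 seconds)
      wait_for:
        timeout: 30
      changed_when: false

    # Only file metadata is read; the key material inside acme.json is never
    # printed. The size is reported below as a rough progress indicator.
    - name: Check if acme.json contains certificates
      stat:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
      register: acme_file

    - name: Display certificate status
      debug:
        msg: |
          Certificate setup triggered.
          Traefik will request Let's Encrypt certificates for:
          {{ domains | join(', ') }}

          acme.json size: {{ acme_file.stat.size | default(0) }} bytes
          (0 means Traefik has not stored anything yet)

          Check Traefik logs to see certificate generation progress:
          docker compose -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml logs traefik | grep -i acme

          Certificates should be ready within 1-2 minutes.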