From a7e8bd856c01bcb60a0bebf7aaff65d4e98cd171 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Wed, 23 Jul 2025 15:27:26 -0400
Subject: [PATCH] Added certbot configuration task with conditional porkbun API implementation, removed variables already declared in role vars/defaults, group_vars or host_vars
---
 configure@vps.yml | 59 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 54 insertions(+), 5 deletions(-)
diff --git a/configure@vps.yml b/configure@vps.yml
index 3ef57f5..d51c882 100644
--- a/configure@vps.yml
+++ b/configure@vps.yml
@@ -8,9 +8,10 @@
 #
 # below is just to remind you to use '--ask-pass' instead
 # ansible_password: "{{ root_auths[0].password }}"
 FAMILY: "{{ ansible_facts['os_family'] }}"
- CURRENT_HOST_IP4: "{{ hostvars[inventory_hostname]['ansible_facts']['ansible_default_ipv4']['address'] }}"
- CURRENT_HOST_IP6: "{{ hostvars[inventory_hostname]['ansible_facts']['ansible_default_ipv6']['address'] }}"
+ CURRENT_HOST_IP4: "{{ ansible_facts['default_ipv4']['address'] }}"
+ CURRENT_HOST_IP6: "{{ ansible_facts['default_ipv6']['address'] }}"
 FQDN: "{{ domain_name | default(inventory_hostname, true) }}"
+ acme_challenge: no
 pre_tasks:
 - name: Set timezone
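Review bot: `acme_challenge: no` leans on YAML 1.1 truthy parsing; `acme_challenge: false` says the same thing to Ansible, yamllint's truthy rule and any YAML 1.2 tooling that reads the play. Since this variable is the switch between running the certbot role and copying the checked-in PEM files, a comment above it would help, e.g. `# false: copy ssl/*.pem from the controller; true: request certificates via certbot (Porkbun DNS API)`. The new `CURRENT_HOST_IP6` expression leaves the variable undefined on a host with no IPv6 default route, which the later `when: CURRENT_HOST_IP6 is defined` appears to rely on; a one-line comment noting that dependence would stop someone "fixing" it with a `default()` filter that then passes an empty address into the hosts-file task.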
@@ -63,21 +64,69 @@
 register: hosts_updated
 when: CURRENT_HOST_IP6 is defined
 tags: ['baseconf', 'hostsfile_update']
+ - name: Create a directory for client source code
+ file:
+ path: "{{ ansible_facts['user_dir'] }}/src/clients"
+ state: directory
+ - name: Create a directory for container service compose files
+ file:
+ path: "{{ compose_source_path }}"
+ state: directory
+ # - name: Create a directory for website or web server source code
+ # file:
+ # path: "{{ ansible_facts['user_dir'] }}/src/services/web"
+ # state: directory
 tasks:
 - name: Configure core packages
 include_role:
 name: bootstrap
 tasks_from: config@corepkgs.yml
+ defaults_from: main
+ vars_from: main
 vars:
- enrollment_key: "{{ crowdsec_key }}"
- gcfs_password: "{{ gocrypt_password }}"
 #@TODO improve filters for defining the two below variables
 official_name: "{{ [admin.actual_name if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
 official_email: "{{ [admin.email if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
- homedir: "{{ ansible_facts['user_dir'] }}"
 register: pkgs_configured
 tags: ['default', 'configure_pkgs']
+ - name: Configure DNS using Certbot
+ include_role:
+ name: bootstrap
+ tasks_from: configure_core/certbot.yml
+ defaults_from: options/certbot.yml
+ vars_from: options/certbot.yml
+ register: dns_challenge_made
+ when: acme_challenge
+ tags: ['default', 'with_porkbun_api']
+ - name: Import DNS certificates and keys
+ block:
+ - name: Create SSL certificate
+ become: yes
+ become_method: sudo
+ copy:
+ src: ssl/domain.cert.pem
+ dest: "{{ web_root }}/domain.cert.pem"
+ force: yes
+ backup: yes
+ - name: Create private key
+ become: yes
+ become_method: sudo
+ copy:
+ src: ssl/private.key.pem
+ dest: "{{ web_root }}/private.key.pem"
+ force: yes
+ backup: yes
+ - name: Create public key
+ become: yes
+ become_method: sudo
+ copy:
+ src: ssl/public.key.pem
+ dest: "{{ web_root }}/public.key.pem"
+ force: yes
+ backup: yes
+ when: not acme_challenge
+ tags: ['default']
 post_tasks:
 - name: Do a system upgrade
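Review bot: The `Create private key` task in the `Import DNS certificates and keys` block copies `ssl/private.key.pem` under `{{ web_root }}` with no `owner`, `group` or `mode`, so a newly created key takes the remote umask (commonly 0644, i.e. world-readable) and `backup: yes` keeps timestamped copies of superseded keys beside it; add `mode: '0600'` with an explicit `owner`/`group` for the service account and set `backup: false` on that task. If `web_root` is the directory the web server publishes, the key and its backup copies would also be retrievable over HTTP — the play does not show what `web_root` points at, so this is worth confirming and, if so, moving the key outside the document root. `register: dns_challenge_made` on the `include_role` task is unlikely to hold the role's outcome, since include tasks are expanded into the play rather than executed as one result; if something later reads it, set a fact inside the role instead. The `become: yes` / `force: yes` / `backup: yes` spellings throughout the block are YAML 1.1 truthy values that Ansible accepts but yamllint flags; `true`/`false` would match the lowercase booleans used in the `when:` conditions.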