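# Build the list of DNS names to request a certificate for: every dns_name
# attached to an IP address on the "lo" interface, sorted and de-duplicated.
# The first entry of this list is reused by later tasks to derive paths under
# /etc/letsencrypt, so it must be a real name.
- name: Get DNS names
  set_fact:
    # `select` drops empty dns_name values. Without it, an address that has
    # no DNS name would sort first and end up both in certbot's -d argument
    # and in every path built from `domains | first`.
    # NOTE(review): assumes each ip_addresses entry carries a dns_name
    # attribute (possibly empty) - confirm against the inventory source.
    domains: >-
      {{ interfaces | selectattr("name", "==", "lo")
      | map(attribute="ip_addresses") | flatten | map(attribute="dns_name")
      | select | sort | unique }}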

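# certbot is the ACME client used by the certificate task that follows.
- name: Install certbot
  package:
    name: certbot
    # Spell out the desired state instead of relying on whatever the
    # backing package manager module defaults to.
    state: present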

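# Obtain one Let's Encrypt certificate covering every name in `domains`,
# running certbot inside the "default" VRF.
# - `creates` skips the task once the renewal config for the first domain
#   exists, so a later change to the domain list does not trigger a re-issue.
# - --standalone makes certbot bind the challenge port itself; nothing else
#   may be listening on it while this task runs.
# - --register-unsafely-without-email registers the ACME account with no
#   contact address. NOTE(review): confirm that is intended for this host.
- name: Get LE certificate
  command:
    # argv hands each element to the process as exactly one argument, so a
    # DNS name containing whitespace or quotes cannot be split into extra
    # certbot options the way it could inside a single `cmd` string.
    argv:
      - ip
      - vrf
      - exec
      - default
      - certbot
      - certonly
      - '--non-interactive'
      - '--agree-tos'
      - '--register-unsafely-without-email'
      - '--standalone'
      - '-d'
      - "{{ domains | join(',') }}"
    creates: '/etc/letsencrypt/renewal/{{ domains | first }}.conf'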

# /etc/ceph is the shared location the key and certificate get linked into.
# No owner or mode is set here, so an existing directory keeps whatever
# permissions it already has.
- name: Create common directory for ceph nodes
  file:
    state: directory
    path: '/etc/ceph'

# Expose the private key and certificate chain under /etc/ceph as symlinks
# into certbot's live/ directory for the first domain.
# NOTE(review): these are links only - the key material stays under
# /etc/letsencrypt, and whatever reads /etc/ceph/privkey.pem needs access
# there. Confirm the consumer can read it without loosening the permissions
# on the private key.
- name: Link key and certificate to common location
  file:
    state: link
    src: '/etc/letsencrypt/live/{{ domains | first }}/{{ item }}'
    # `path` and `dest` name the same parameter of the file module.
    path: '/etc/ceph/{{ item }}'
  loop:
    - privkey.pem
    - fullchain.pem

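# Install the script certbot runs after a successful renewal (files placed in
# renewal-hooks/deploy/ are picked up as deploy hooks). Going by its name it
# restarts the Ceph RGW service so the renewed certificate is loaded; the
# script itself is not shown here.
- name: Install certificate deploy hook
  copy:
    src: restart-ceph-rgw.sh
    # Trailing slash: the file is copied into the directory under its own
    # name.
    dest: /etc/letsencrypt/renewal-hooks/deploy/
    # certbot executes this hook with its own (normally root) privileges, so
    # pin ownership and keep the file writable by its owner only.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string, never as a
    # YAML integer.
    mode: '0755'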