[
	{
		"name": "packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"openssl",
				"python3-cryptography",
				"certbot"
			]
		}
	},
	{
		"name": "directories",
		"become": true,
		"loop": [
			"{{var_tlscert_acme_inwx_ssl_directory}}/private",
			"{{var_tlscert_acme_inwx_ssl_directory}}/csr",
			"{{var_tlscert_acme_inwx_ssl_directory}}/certs",
			"{{var_tlscert_acme_inwx_ssl_directory}}/chains",
			"{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
		],
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{item}}"
		}
	},
	{
		"name": "tools | inwx",
		"become": true,
		"ansible.builtin.copy": {
			"src": "inwx",
			"dest": "/usr/local/bin/inwx",
			"mode": "a+x"
		}
	},
	{
		"name": "tools | tls-get | script",
		"become": true,
		"ansible.builtin.copy": {
			"src": "tls-get",
			"dest": "/usr/local/bin/tls-get",
			"mode": "a+x"
		}
	},
	{
		"name": "tools | tls-get | conf",
		"become": true,
		"ansible.builtin.template": {
			"src": "tls-get-conf.json.j2",
			"dest": "/root/.tls-get-conf.json"
		}
	},
	{
		"name": "tools | pseudo queue | setup",
		"become": true,
		"ansible.builtin.cron": {
			"state": "present",
			"disabled": false,
			"name": "pseudo queue",
			"special_time": "reboot",
			"job": "bash -c \"(test -p /var/pseudoqueue || mkfifo --mode=0600 /var/pseudoqueue) && (while true ; do bash < /var/pseudoqueue ; done)\""
		}
	},
	{
		"name": "tools | pseudo queue | run",
		"become": true,
		"ansible.builtin.shell": {
			"cmd": "bash -c \"test -p /var/pseudoqueue || (mkfifo --mode=0600 /var/pseudoqueue && (while true ; do bash < /var/pseudoqueue ; done))\" &"
		}
	},
	{
		"name": "setup auto renewal",
		"become": true,
		"ansible.builtin.cron": {
			"state": "present",
			"disabled": false,
			"name": "TLS certificate for {{var_tlscert_acme_inwx_domain}}",
			"minute": "0",
			"hour": "2",
			"day": "1",
			"month": "*",
			"weekday": "*",
			"job": "echo '/usr/local/bin/tls-get {{var_tlscert_acme_inwx_domain}} --conf-path=/root/.tls-get-conf.json --target-directory={{var_tlscert_acme_inwx_ssl_directory}}' > /var/pseudoqueue"
		}
	},
	{
		"name": "run",
		"become": true,
		"ansible.builtin.shell": {
			"cmd": "/usr/local/bin/tls-get {{var_tlscert_acme_inwx_domain}} --conf-path=/root/.tls-get-conf.json --target-directory={{var_tlscert_acme_inwx_ssl_directory}}"
		}
	}
]