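---
# Opens the firewall for HTTP/HTTPS, installs certbot and requests Let's Encrypt
# certificates for the node-metrics and postfix-metrics host names with
# certbot's standalone authenticator.

# NOTE(review): this task enables UFW with a default "deny" policy and the
# visible tasks only allow ports 443 and 80. If no SSH allow rule is applied
# elsewhere, new management connections to the host could be blocked - confirm
# before running this against a remote host.
# NOTE(review): no `proto` is set, so the rule is not limited to TCP; consider
# `proto: tcp` if UDP on this port is not needed.
- name: Ensure UFW is enabled and accepting HTTPS traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '443'

# Port 80 is what certbot's standalone HTTP challenge listens on.
# NOTE(review): the rule stays in place after the certificates are issued;
# confirm plain HTTP is meant to remain reachable.
- name: Ensure UFW is enabled and accepting HTTP traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '80'

- name: Ensure certbot is installed
  apt:
    name: certbot
    state: present

# The standalone authenticator binds the HTTP port itself, so the web server
# has to be down while the certificates are requested.
# NOTE(review): this runs on every play, even when both certificates already
# exist and the requests below are skipped, and no visible task starts Apache
# again - confirm it is restarted elsewhere.
- name: Stop Apache2 to request certificate
  service:
    name: apache2
    state: stopped

# `command` with `argv` is used instead of `shell`: the command needs no shell
# features, and the templated host name is passed as a single argument rather
# than being interpreted by a shell.
# `creates` skips the request once the certificate chain exists.
- name: Request certificate for node-metrics
  command:
    argv:
      - certbot
      - certonly
      - '--agree-tos'
      - '--email'
      - certs@susurrando.com
      - '--standalone'
      - '-n'
      - '-d'
      - "node-metrics-{{ inventory_hostname }}"
    creates: "/etc/letsencrypt/live/node-metrics-{{ inventory_hostname }}/fullchain.pem"

# NOTE(review): the original command passed --agree-tos and --email twice, with
# certs@susurrando.com first and gestor@susurrando.com second. Only one pair is
# kept; the later address is retained on the assumption that the last value is
# the one certbot would have used. Confirm which contact address is intended.
- name: Request certificate for postfix-metrics
  command:
    argv:
      - certbot
      - certonly
      - '--agree-tos'
      - '--email'
      - gestor@susurrando.com
      - '--standalone'
      - '-n'
      - '-d'
      - "postfix-metrics-{{ inventory_hostname }}"
    creates: "/etc/letsencrypt/live/postfix-metrics-{{ inventory_hostname }}/fullchain.pem"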