- name: install certbot DNS plugin
  community.general.pacman:
    name: "certbot-dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
    state: present

- name: Ensure /etc/certbot directory exists
  file:
    path:   "{{ CERTBOT_CREDENTIALS_DIR }}"
    state:  directory
    owner:  root
    group:  root
    mode:   '0755'

- name: Install plugin credentials file
  copy:
    dest: "{{ CERTBOT_CREDENTIALS_FILE }}"
    content: |
      dns_{{ CERTBOT_ACME_CHALLENGE_METHOD }}_api_token = {{ CLOUDFLARE_API_TOKEN }}
    owner: root
    group: root
    mode: '0600'