base: freebsd-latest

steps:
  - run:
      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install py37-certbot python3
      - mkdir -p /cookiecutter
      - mkdir -p /certbot/data
      - mkdir -p /certbot/webroot
      - mkdir -p /certbot/scripts
      - chown -R nobody:nobody /certbot
      - chmod 0750 /certbot
  - copy:
      - [ files/certbot.py,
          /certbot/scripts/certbot.py ]
      - [ files/crontab_nobody,
          /root/crontab_nobody ]
  - run:
      - crontab -u nobody /root/crontab_nobody
      - rm -v /root/crontab_nobody
      - mkdir -p /usr/local/etc/letsencrypt
      - mkdir -p /var/log/letsencrypt
      - mkdir -p /var/db/letsencrypt
      - chown nobody:nobody /var/log/letsencrypt
      - chown nobody:nobody /var/db/letsencrypt
  - run:
      - sysrc sshd_enable=NO
      - sysrc sendmail_enable=NONE
      - sysrc clear_tmp_enable=YES
      - sysrc syslogd_flags="-ss"