From 504fb5e84489636c16c15b00a99b0e6352304dcc Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sat, 6 Jan 2024 19:02:56 +0000
Subject: Make certificate a role
---
roles/certificate/tasks/main.yml | 18 ++++++++++++++++++
roles/nginx/tasks/main.yml | 5 ++---
roles/web/tasks/certificate.yml | 15 ---------------
3 files changed, 20 insertions(+), 18 deletions(-)
create mode 100644 roles/certificate/tasks/main.yml
delete mode 100644 roles/web/tasks/certificate.yml
diff --git a/roles/certificate/tasks/main.yml b/roles/certificate/tasks/main.yml
new file mode 100644
index 0000000..0edc725
--- /dev/null
+++ b/roles/certificate/tasks/main.yml
@@ -0,0 +1,18 @@
+- ansible.builtin.include_role:
+ name: certbot
+
+- name: Request SSL certificate from Let's Encrypt
+ shell: |
+ # Make task independent: if nginx is already running, stop it and then
+ # start back on exit.
+ [ -f /var/run/nginx.pid ] && systemctl stop nginx
+ trap "systemctl start nginx" EXIT
+ certbot certonly \
+ --standalone \
+ --agree-tos \
+ --renew-by-default \
+ --email webmaster@ilvokhin.com \
+ --rsa-key-size 4096 \
+ -d {{ domains | join(' -d ') }}
+ args:
+ creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 82eb9ea..aec7280 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -31,9 +31,8 @@ notify: - Reload nginx -- name: Install logrotate - ansible.builtin.include_role: - name: logrotate +- ansible.builtin.include_role: + name: logrotate - name: Configure nginx logrotate ansible.builtin.copy:
diff --git a/roles/web/tasks/certificate.yml b/roles/web/tasks/certificate.yml
deleted file mode 100644
index 5d25a63..0000000
--- a/roles/web/tasks/certificate.yml
+++ /dev/null
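Review bot: The `-d {{ domains | join(' -d ') }}` line in the new `roles/certificate/tasks/main.yml` shell task renders every entry of `domains` into the script unquoted, so a value containing whitespace or shell metacharacters would be interpreted by the shell instead of reaching certbot as one argument; `-d {{ domains | map('quote') | join(' -d ') }}` keeps each name a single word. The certbot call also lacks `--non-interactive`, so any prompt would presumably fail or stall under Ansible, where no terminal is attached. The `creates:` guard tests only the path for `domains | first`, so names appended to the list later will not trigger a new request; a one-line comment above `args:` stating that would save the next maintainer a surprise.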
@@ -1,15 +0,0 @@
-- name: Request SSL certificate from Let's Encrypt
- shell: |
- # Make task independent: if nginx is already running, stop it and then
- # start back on exit.
- [ -f /var/run/nginx.pid ] && systemctl stop nginx
- trap "systemctl start nginx" EXIT
- certbot certonly \
- --standalone \
- --agree-tos \
- --renew-by-default \
- --email webmaster@ilvokhin.com \
- --rsa-key-size 4096 \
- -d {{ domains | join(' -d ') }}
- args:
- creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
-- cgit v1.2.3-70-g09d2