CU-cunmht split ssl from http role to separate role

ansible/roles/ssl/tasks/certbot.yml

@@ -0,0 +1,25 @@
+---
+- name: generate openssl dhparam for nginx
+  become: true
+  command: |
+    openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
+  args:
+    creates: /etc/ssl/certs/dhparam.pem
+  tags: ssl
+
+- name: create ssl certificate for ci server
+  become: true
+  command: |
+    certbot certonly --webroot --webroot-path=/srv/http \
+    -m {{ ci_server_email }} --agree-tos \
+    -d {{ ci_server_name }}
+  args:
+    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  tags: ssl
+
+- name: check if certbot certificate was created
+  become: true
+  stat:
+    path: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  register: stat_result
+  tags: ssl

ansible/roles/ssl/tasks/cron.yml

@@ -0,0 +1,10 @@
+---
+- name: renew certbot ssl certificates weekly
+  become: true
+  cron:
+    name: certbot_renew
+    special_time: weekly
+    job: |
+      certbot renew --pre-hook "systemctl stop nginx" \
+       --post-hook "systemctl start nginx"
+  tags: cron

ansible/roles/ssl/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: certbot.yml
+- import_tasks: cron.yml