CU-cunmht split ssl from http role to separate role

ansible/deploy_home.yml

@@ -4,5 +4,6 @@
   - vars/vault.yml
   roles:
   - role: common
+  - role: ssl
   - role: http
   - role: drone

ansible/roles/http/meta/main.yml

@@ -1,3 +1,3 @@
 ---
 dependencies:
-  - role: common
+  - role: ssl

ansible/roles/http/tasks/https.yml

@@ -0,0 +1,23 @@
+---
+
+- name: template nginx https sites-available
+  become: true
+  template:
+    src: "templates/nginx/sites/{{ item }}.j2"
+    dest: "/etc/nginx/sites-available/{{ item }}"
+    mode: 0644
+  with_items:
+    - "{{ ci_server_name }}.https.conf"
+  tags: https
+
+- name: enable desired nginx https sites
+  become: true
+  file:
+    src: "/etc/nginx/sites-available/{{ item }}"
+    dest: "/etc/nginx/sites-enabled/{{ item }}"
+    state: link
+  with_items:
+    - "{{ ci_server_name }}.https.conf"
+  notify: restart_nginx
+  when: stat_result.stat.exists
+  tags: https

ansible/roles/http/tasks/main.yml

@@ -2,5 +2,4 @@
 - import_tasks: deps.yml
 - import_tasks: modsec.yml
 - import_tasks: http.yml
-- import_tasks: ssl.yml
-- import_tasks: cron.yml
+- import_tasks: https.yml

ansible/roles/http/tasks/ssl.yml

@@ -1,60 +0,0 @@
----
-- name: flush existing nginx https enabled sites
-  become: true
-  file:
-    path: "/etc/nginx/sites-enabled/{{ item }}"
-    state: absent
-  with_items:
-    - "{{ ci_server_name }}.https.conf"
-  notify: restart_nginx
-  tags: ssl
-
-- meta: flush_handlers
-  tags: ssl
-
-- name: generate openssl dhparam for nginx
-  become: true
-  command: |
-    openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
-  args:
-    creates: /etc/ssl/certs/dhparam.pem
-  tags: ssl
-
-- name: create ssl certificate for ci server
-  become: true
-  command: |
-    certbot certonly --webroot --webroot-path=/srv/http \
-    -m {{ ci_server_email }} --agree-tos \
-    -d {{ ci_server_name }}
-  args:
-    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
-  tags: ssl
-
-- name: check if certbot certificate was created
-  become: true
-  stat:
-    path: "/etc/letsencrypt/live/{{ ci_server_name }}"
-  register: stat_result
-  tags: ssl
-
-- name: template nginx https sites-available
-  become: true
-  template:
-    src: "templates/nginx/sites/{{ item }}.j2"
-    dest: "/etc/nginx/sites-available/{{ item }}"
-    mode: 0644
-  with_items:
-    - "{{ ci_server_name }}.https.conf"
-  tags: ssl
-
-- name: enable desired nginx https sites
-  become: true
-  file:
-    src: "/etc/nginx/sites-available/{{ item }}"
-    dest: "/etc/nginx/sites-enabled/{{ item }}"
-    state: link
-  with_items:
-    - "{{ ci_server_name }}.https.conf"
-  notify: restart_nginx
-  when: stat_result.stat.exists
-  tags: ssl

ansible/roles/ssl/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: common

ansible/roles/ssl/tasks/certbot.yml

@@ -0,0 +1,25 @@
+---
+- name: generate openssl dhparam for nginx
+  become: true
+  command: |
+    openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 2048
+  args:
+    creates: /etc/ssl/certs/dhparam.pem
+  tags: ssl
+
+- name: create ssl certificate for ci server
+  become: true
+  command: |
+    certbot certonly --webroot --webroot-path=/srv/http \
+    -m {{ ci_server_email }} --agree-tos \
+    -d {{ ci_server_name }}
+  args:
+    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  tags: ssl
+
+- name: check if certbot certificate was created
+  become: true
+  stat:
+    path: "/etc/letsencrypt/live/{{ ci_server_name }}"
+  register: stat_result
+  tags: ssl

ansible/roles/ssl/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: certbot.yml
+- import_tasks: cron.yml