Rename role setup_certbot => add_cert_http_01

roles/add_cert_http_01/README.md

@@ -0,0 +1,3 @@
+# Add certificate - HTTP-01
+
+Deploys a Let's Encrypt certificate with `certbot`, using a HTTP-01 challenge.

roles/add_cert_http_01/tasks/main.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Install certbot
   become: true
   ansible.builtin.apt:
@@ -29,16 +30,16 @@
 - name: Copy apache confs
   become: true
   ansible.builtin.copy:
-    src: "{{ item.src }}"
+    src: "apache2/conf-available/{{ item }}"
-    dest: "{{ item.dest }}"
+    dest: "/etc/apache2/conf-available/{{ item }}"
     mode: 0644
   with_items:
-    - {src: 'acme.conf', dest: '/etc/apache2/conf-available/acme.conf'}
+    - acme.conf
-    - {src: 'ssl-options.conf', dest: '/etc/apache2/conf-available/ssl-options.conf'}
+    - ssl-options.conf
 
 - name: Enable apache confs
   become: true
-  ansible.builtin.command: a2enconf {{ item }}
+  ansible.builtin.command: "a2enconf {{ item }}"
   with_items:
     - acme
     - ssl-options
@@ -49,15 +50,7 @@
 - name: Allow certbot renewal
   become: true
   ansible.builtin.copy:
-    src: http-certbot.conf
+    src: nftables/input.d/http-certbot.conf
     dest: /etc/nftables/input.d/http-certbot.conf
     mode: 0640
   notify: Reload nftables service
-
-- name: Allow incoming HTTPS
-  become: true
-  ansible.builtin.copy:
-    src: https.conf
-    dest: /etc/nftables/input.d/https.conf
-    mode: 0640
-  notify: Reload nftables service

roles/deux_puissance_x/meta/main.yml

@@ -1,5 +1,4 @@
 ---
 dependencies:
   - role: setup_apache2
-  - role: setup_certbot
   - role: setup_mariadb

roles/forgejo/meta/main.yml

@@ -3,4 +3,3 @@ dependencies:
   - role: setup_fail2ban
   - role: setup_apache2
   - role: setup_mariadb
-  - role: setup_certbot

roles/setup_certbot/files/https.conf

@@ -1 +0,0 @@
-tcp dport https accept comment "Allow HTTPS from all"

roles/tunuifranken/meta/main.yml

@@ -1,4 +1,3 @@
 ---
 dependencies:
   - role: setup_apache2
-  - role: setup_certbot