kodi media services basic setup

ansible/roles/certbot/tasks/main.yaml

@@ -3,8 +3,50 @@
   community.general.pacman:
     name:
       - certbot
-      - certbot-dns-rfc2136
+      - certbot-dns-{{ certbot_dns_plugin }}
     state: present
     update_cache: true
 
-- name: Add certbot config
+- name: Install certbot webserver plugin (Archlinux)
+  when:
+    - ansible_facts['os_family'] == "Archlinux"
+    - certbot_webserver_type == 'nginx'
+  community.general.pacman:
+    name:
+      - certbot-nginx
+    state: present
+    update_cache: true
+
+- name: Template out the dns config file
+  when: certbot_dns_plugin == 'rfc2136'
+  ansible.builtin.template:
+    src: "{{ certbot_dns_plugin }}.conf.j2"
+    dest: "/etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: Register certbot account
+  ansible.builtin.command:
+    argv:
+      - "certbot register"
+      - "--agree-tos"
+      - "--email {{ certbot_email }}"
+      - "--no-eff-email"
+    creates: /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/{{ certbot_email }}
+
+- name: Request and install certificates
+  ansible.builtin.command:
+    argv:
+      - "certbot --nginx run -n"
+      - "--dns-{{ certbot_dns_plugin }}"
+      - "--dns-{{ certbot_dns_plugin }}-credentials /etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
+      - "-d {{ item }}"
+    creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem
+  loop: "{{ certbot_domains }}"
+
+- name: Enable certbot renewal
+  ansible.builtin.service:
+    name: certbot-renew.timer
+    state: started
+    enabled: true

ansible/roles/certbot/templates/rfc2136.conf.j2

@@ -0,0 +1,4 @@
+dns_rfc2136_server = {{ certbot_rfc2136_server }}
+dns_rfc2136_name = {{ certbot_rfc2136_key_name }}
+dns_rfc2136_secret = {{ certbot_rfc2136_key_secret }}
+dns_rfc2136_algorithm = {{ certbot_rfc2136_key_algorithm }}