From 3b99eaf72d5cc552c2b5b874672d1729c3a5fa6e Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Fri, 22 May 2020 22:21:55 +0200
Subject: [PATCH] allow to control multiple cert groups

---
 defaults/main.yml | 10 ++++++----
 tasks/install.yml |  6 +++++-
 tasks/setup.yml   | 30 ++++++++++++++++--------------
 3 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 198a213..3a99e48 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,7 +3,6 @@ certbot_packages_extra: []
 certbot_user: root
-certbot_initial_run_enabled: False
 certbot_work_dir: /var/lib/letsencrypt
 certbot_config_dir: /etc/letsencrypt
@@ -13,8 +12,12 @@ certbot_preferred_challenges: dns
 certbot_server: https://acme-v02.api.letsencrypt.org/directory
 certbot_email: mail@example.com
 certbot_rsa_key_size: 4096
-certbot_domains:
-  - example.com
+certbot_domain_groups:
+  - name: example
+    domains:
+      - "*.example.com"
+      - example.com
+    init: False
 # @var certbot_credentials:description: >
 # Specify key value parairs for your credentials (e.g. plugin credentials).
@@ -26,7 +29,6 @@ certbot_credentials: []
 # @var certbot_bin:description: Location of the certbot binary. Default is to `~/.local/.bin/certbot`.
 certbot_command_arguments:
   - "certonly"
-  - "-n -d {{ certbot_domains | join(',') }}"
 # @var certbot_cron_enabled:description: Enable scheduling via cron.
 certbot_cron_enabled: True
diff --git a/tasks/install.yml b/tasks/install.yml
index 74e6dd6..53ca131 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -45,7 +45,7 @@
 - name: Schedule certbot run
   cron:
-    name: Certbot automatic renewal
+    name: "Certbot automatic renewal: {{ item.name }}"
     minute: "{{ certbot_cron_minute }}"
     hour: "{{ certbot_cron_hour }}"
     user: "{{ certbot_cron_user | default(certbot_user) }}"
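Review bot: The new `certbot_domain_groups` default carries no `# @var certbot_domain_groups:description:` comment, unlike the neighbouring variables in defaults/main.yml (`certbot_credentials`, `certbot_bin` and `certbot_cron_enabled` all have one), so the item keys `name`, `domains` and `init` are only discoverable by reading tasks/setup.yml and tasks/install.yml. I would add, above the key: `# @var certbot_domain_groups:description: List of certificate groups; each item needs a name (used as loop label and in the cron job name), a list of domains passed to -d, and init (run certbot once for this group in tasks/setup.yml; replaces certbot_initial_run_enabled).` The first hunk drops `certbot_initial_run_enabled`, so an inventory that still sets it is silently ignored after this change, and the description or a changelog entry should say that the switch is now per group. Since `"*.example.com"` is a wildcard name, the sample only works with a DNS challenge; the default `certbot_preferred_challenges: dns` in the hunk context covers that, but the description should note it so a user who changes the challenge type knows why the wildcard entry fails.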
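Review bot: Changing the cron entry name to `"Certbot automatic renewal: {{ item.name }}"` leaves the job installed under the old name `Certbot automatic renewal` in place on hosts that ran an earlier version of the role, because the cron module only manages the entry whose name matches and nothing in this commit removes the old one; such a host then keeps running the old renewal command next to the new per-group jobs. A preceding task along the lines of `- name: Remove legacy certbot cron entry` with `cron:` `name: Certbot automatic renewal` and `state: absent` (same `user` and `cron_file` as this task) would clean it up, or the change needs a changelog note telling users to remove it by hand. The `cron:` task continues past this hunk into the next one.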
@@ -55,7 +55,11 @@
       --work-dir {{ certbot_work_dir }}
       --logs-dir {{ certbot_log_dir }}
       {{ certbot_command_arguments | join(' ') }}
+      -n -d {{ item.domains | join(',') }}
     cron_file: "{{ certbot_cron_file | default(omit) }}"
+  loop: "{{ certbot_domain_groups }}"
+  loop_control:
+    label: "{{ item.name }}"
   when: certbot_cron_enabled
   become: True
   become_user: "{{ certbot_user }}"
diff --git a/tasks/setup.yml b/tasks/setup.yml
index f97e2be..ccd4699 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -1,17 +1,19 @@
 ---
-- name: Initialise certbot
-  block:
-    - name: Initial run of certbot
-      command: >
-        {{ certbot_bin | default(__certbot_bin) }}
-        --config-dir {{ certbot_config_dir }}
-        --work-dir {{ certbot_work_dir }}
-        --logs-dir {{ certbot_log_dir }}
-        --agree-tos
-        {{ certbot_command_arguments | join(' ') }}
-      register: certbot_init
-      changed_when: certbot_init.rc == 130
-      ignore_errors: True
+- name: Initial run of certbot
+  command: >
+    {{ certbot_bin | default(__certbot_bin) }}
+    --config-dir {{ certbot_config_dir }}
+    --work-dir {{ certbot_work_dir }}
+    --logs-dir {{ certbot_log_dir }}
+    --agree-tos
+    {{ certbot_command_arguments | join(' ') }}
+    - n -d {{ item.domains | join(',') }}
+  register: certbot_init
+  changed_when: certbot_init.rc == 130
+  ignore_errors: True
+  loop: "{{ certbot_domain_groups }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: "{{ item.init | default(False) | bool }}"
   become: True
   become_user: "{{ certbot_user }}"
-  when: certbot_initial_run_enabled
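Review bot: The added command line reads `- n -d {{ item.domains | join(',') }}`, with a space between the dash and `n`, whereas the matching line in tasks/install.yml reads `-n -d`; if that is the committed text and not an artefact of how this patch was rendered, the folded scalar hands certbot a bare `-` and `n` instead of the non-interactive flag, and because `ignore_errors: True` is set the resulting failure of the initial run is likely to go unnoticed in the play. It should be `    -n -d {{ item.domains | join(',') }}`. Separately, `when: "{{ item.init | default(False) | bool }}"` wraps the condition in Jinja delimiters although `when` is already evaluated as an expression, which Ansible reports as a warning; write it as `when: item.init | default(False) | bool`. The `register: certbot_init` / `changed_when` pair now runs inside a loop, which works for `changed_when` because it sees the per-item result, but any later task that reads `certbot_init.rc` directly would have to look at `certbot_init.results` instead.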