Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint

playbooks/roles/lego/tasks/config.yml

@@ -0,0 +1,19 @@
+---
+- name: Set config path
+  ansible.builtin.set_fact:
+    config_path: "{{ (service_path, 'config') | path_join }}"
+- name: Create config directory
+  ansible.builtin.file:
+    path: "{{ config_path }}"
+    state: directory
+    mode: "0755"
+- name: Copy the acme-dns-accounts
+  ansible.builtin.template:
+    src: "json.j2"
+    dest: "{{ (config_path, 'acme-dns-accounts.json') | path_join }}"
+    mode: "0644"
+- name: Copy the hook script
+  ansible.builtin.copy:
+    src: "hook.sh"
+    dest: "{{ (config_path, 'hook.sh') | path_join }}"
+    mode: "0755"

playbooks/roles/lego/tasks/hooks.yml

@@ -0,0 +1,14 @@
+---
+- name: Set hooks path
+  ansible.builtin.set_fact:
+    hooks_path: "{{ (service_path, 'hooks') | path_join }}"
+- name: Create hooks directory
+  ansible.builtin.file:
+    path: "{{ hooks_path }}"
+    state: directory
+    mode: "0755"
+- name: Copy the additional hooks
+  ansible.builtin.copy:
+    src: hooks/
+    dest: "{{ hooks_path }}"
+    mode: "0755"

playbooks/roles/lego/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    env: "{{ lego_env }}"
+    json: "{{ vault_acmedns_registered | acmedns_to_lego }}"
+    compose: "{{ lego_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Create _certificates directory
+      ansible.builtin.file:
+        path: "{{ certificates_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Import tasks specific to the config directory
+      ansible.builtin.import_tasks: config.yml
+    - name: Import tasks specific to hooks
+      ansible.builtin.import_tasks: hooks.yml
+    - name: Import tasks specific to systemd
+      ansible.builtin.import_tasks: systemd.yml
+
+    - name: Copy the run script
+      ansible.builtin.copy:
+        src: "lego.sh"
+        dest: "{{ (service_path, 'lego.sh') | path_join }}"
+        mode: "0755"
+
+    - name: Import tasks create a service.env file
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+
+    - name: Run certificate-script for domains
+      ansible.builtin.command:
+        cmd: "./lego.sh {{ item }}"
+        chdir: "{{ service_path }}"
+      become: true
+      loop: "{{ lego_host_certificates }}"
+      register: cmd_result
+      changed_when: cmd_result.stderr | regex_search('Server responded with a certificate.')

playbooks/roles/lego/tasks/systemd.yml

@@ -0,0 +1,40 @@
+---
+- name: Copy the system service
+  ansible.builtin.template:
+    src: lego@.service.j2
+    dest: /etc/systemd/system/lego@.service
+    mode: "0644"
+  become: true
+- name: Copy the system timer
+  ansible.builtin.copy:
+    src: lego@.timer
+    dest: /etc/systemd/system/lego@.timer
+    mode: "0644"
+  become: true
+
+- name: Get all lego timers
+  ansible.builtin.shell:
+    cmd: "set -o pipefail && systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
+  register: systemd_timers_result
+  changed_when: false
+
+- name: Generate systemd timer names
+  ansible.builtin.set_fact:
+    lego_systemd_timers: "{{ lego_host_certificates | list_prefix_suffix('lego@', '.timer') }}"
+
+- name: Disable unused system timers
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: false
+  loop: "{{ systemd_timers_result.stdout_lines | difference(lego_systemd_timers) }}"
+  become: true
+
+- name: Enable the system timers
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+    daemon_reload: true
+  loop: "{{ lego_systemd_timers }}"
+  become: true