ssl certs - one task or two for IMAP and http?

At present, I have two tasks:

This one installs ssl certs for the host in question:

ssl-certificates/tasks/main.yml

Unrelated, but here might be a possible tip to make a cleaner playbook:

vars:
  # Per-host certificate and key, relative to the role's files directory
  cert_path: "hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.crt"
  key_path: "hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.nopassword.key"
  certs:
    - path: "{{ cert_path }}"
      mode: '644'
    - path: "{{ key_path }}"
      mode: '600'

tasks:
  # One task copies both files, each with its own mode
  - name: certs
    copy: src={{item.path}} dest=/usr/local/etc/ssl/ owner=root group=www mode={{item.mode}} backup=yes
    with_items: "{{ certs }}"

I would tend to suggest your cert setup for dovecot to be in the dovecot role though, and other apps in their own.
That way if something decides to get split out later, it’s a little bit more organized.

My two cents – but there may be some reasons for organizing it differently.