---
# This ansible-playbook installs letsencrypt certs
#
# What it does:
#   - registers LE account
#   - requests/creates first-time certificates
#   - requests new certs if list of domains changed
##
# REVIEW/EDIT THE VARS BELOW BEFORE RUNNING!
# ALL DOMAINS MUST BE REGISTERED FOR TARGET HOST IN DNS!
# WHEN EXPANDING DOMAIN LIST, DO NOT CHANGE FIRST ENTRY!
#
# It will normally be run like this:
#
#  ansible-playbook -b -i h8.waeup.org, letsencrypt.yml
#
- hosts: h8.waeup.org
  vars:
    letsencrypt_email: 'uli@gnufix.de'
    letsencrypt_domains: 'h8.waeup.org,waeup.org,www.waeup.org,git.waeup.org,svn.waeup.org,trac.waeup.org,aaue-trac.waeup.org,coewarri-trac.waeup.org,dspg-trac.waeup.org,edopoly-trac.waeup.org, fceokene-trac.waeup.org,iuokada-trac.waeup.org,moodle-trac.waeup.org,uniben-trac.waeup.org,v1.waeup.org,v2.waeup.org,v3.waeup.org,v4.waeup.org,v5.waeup.org,v6.waeup.org,v7.waeup.org,v8.waeup.org,elearning.waeup.org,gopinkdreams.com,www.gopinkdreams.com,kofaplus.com,www.kofaplus.com,aauelms.waeup.org,ecns-trac.waeup.org,unidel-trac.waeup.org'
    # set to true if you got some LE certs already, but the list of domains expanded
    # if one or more domains are deleted, a NEW cert will be created instead of a RENEWED.
    letsencrypt_expand_domains: true
  roles:
    - letsencrypt
- hosts: h9.waeup.org
  vars:
    letsencrypt_email: 'uli@gnufix.de'
    letsencrypt_domains: 'h9.waeup.org,aaue-alumni.waeup.org,aaue.waeup.org,coewarri.waeup.org,dspg.waeup.org,ecns.waeup.org,edocons.waeup.org,edopoly.waeup.org,fceokene.waeup.org,iuokada.waeup.org,kofa-demo.waeup.org,kofa-doc.waeup.org,unidel.waeup.org,lp-nigeria.com.ng,obi-dient.com.ng'
    # set to true if you got some LE certs already, but the list of domains expanded
    # if one or more domains are deleted, a NEW cert will be created instead of a RENEWED.
    letsencrypt_expand_domains: true
  roles:
    - letsencrypt
- hosts: h10.waeup.org
  vars:
    letsencrypt_email: 'uli@gnufix.de'
    letsencrypt_domains: 'h10.waeup.org,uniben-alumni.waeup.org,uniben-cdl.waeup.org,unibenlms.waeup.org,d2.waeup.org,uniben-moodle.waeup.org,uniben.waeup.org,waeup.uniben.edu,alumni.uniben.edu,cdllms.uniben.edu,cdlkofa.uniben.edu'
    # set to true if you got some LE certs already, but the list of domains expanded
    # if one or more domains are deleted, a NEW cert will be created instead of a RENEWED.
    letsencrypt_expand_domains: true
  roles:
    - letsencrypt