3 files changed, 58 insertions, 53 deletions

diff --git a/roles/letsencrypt/tasks/certbot.yml b/roles/letsencrypt/tasks/certbot.yml
new file mode 100644
index 0000000..2a7664e
--- /dev/null
+++ b/roles/letsencrypt/tasks/certbot.yml
@@ -0,0 +1,28 @@
+# Instructions are from
+#     https://certbot.eff.org/instructions?ws=nginx&os=snap&tab=wildcard
+
+- name: Install Certbot
+  become: true
+  block:
+    - name: Install snapd
+      ansible.builtin.apt:
+        install_recommends: false
+        name: snapd
+
+    - name: Install Certbot
+      community.general.snap:
+        classic: true
+        name: certbot
+
+    - name: Confirm plugin containment level
+      ansible.builtin.command: snap set certbot trust-plugin-with-root=ok
+
+    - name: Install Certbot DigitalOcean plugin
+      community.general.snap:
+        name: certbot-dns-digitalocean
+
+    - name: Create Certbot symlink in /usr/bin
+      ansible.builtin.file:
+        src: /snap/bin/certbot
+        dest: /usr/bin/certbot
+        state: link
diff --git a/roles/letsencrypt/tasks/digitalocean.yml b/roles/letsencrypt/tasks/digitalocean.yml
new file mode 100644
index 0000000..bbf9380
--- /dev/null
+++ b/roles/letsencrypt/tasks/digitalocean.yml
@@ -0,0 +1,28 @@
+- name: Configure Certbot DigitalOcean plugin
+  become: true
+  block:
+    - name: Prompt for token
+      ansible.builtin.pause:
+        prompt: |
+          Enter your API token:
+        echo: false
+      register: digitalocean_token
+      when:
+        - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0
+
+    - name: Set the token as a fact
+      ansible.builtin.set_fact:
+        digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"
+
+    - name: Fail if the token is invalid
+      ansible.builtin.fail:
+        msg: 'DigitalOcean token is invalid'
+      when: digitalocean_token | length == 0
+
+    - name: Configure certbot.ini
+      ansible.builtin.template:
+        src: certbot.ini
+        dest: '{{ certbot_ini }}'
+        owner: root
+        group: root
+        mode: '600'
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index d12aad2..a4160d7 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -1,59 +1,8 @@
-- name: Install snapd
-  become: true
-  ansible.builtin.apt:
-    install_recommends: false
-    name: snapd
-
 - name: Install Certbot
-  become: true
-  community.general.snap:
-    classic: true
-    name: certbot
-
-- name: Confirm plugin containment level
-  become: true
-  ansible.builtin.command: snap set certbot trust-plugin-with-root=ok
-
-- name: Install Certbot DigitalOcean plugin
-  become: true
-  community.general.snap:
-    name: certbot-dns-digitalocean
-
-- name: Create Certbot symlink in /usr/bin
-  become: true
-  ansible.builtin.file:
-    src: /snap/bin/certbot
-    dest: /usr/bin/certbot
-    state: link
+  ansible.builtin.include_tasks: certbot.yml
 
 - name: Configure Certbot DigitalOcean plugin
-  become: true
-  block:
-    - name: Prompt for token
-      ansible.builtin.pause:
-        prompt: |
-          Enter your API token:
-        echo: false
-      register: digitalocean_token
-      when:
-        - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0
-
-    - name: Set the token as a fact
-      ansible.builtin.set_fact:
-        digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"
-
-    - name: Fail if the token is invalid
-      ansible.builtin.fail:
-        msg: 'DigitalOcean token is invalid'
-      when: digitalocean_token | length == 0
-
-    - name: Configure certbot.ini
-      ansible.builtin.template:
-        src: certbot.ini
-        dest: '{{ certbot_ini }}'
-        owner: root
-        group: root
-        mode: '600'
+  ansible.builtin.include_tasks: digitalocean.yml
 
 - name: Create /etc/letsencrypt
   become: true