Extract playbook actions to roles

ansible/roles/ssl/templates/acme-client.conf

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+authority letsencrypt {
+    api url "https://acme-v02.api.letsencrypt.org/directory"
+    account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+{% for domain in domains %}
+domain "{{ domain }}" {
+    domain key "/etc/ssl/private/{{ domain }}.key"
+    domain full chain certificate "/etc/ssl/{{ domain }}.fullchain.pem"
+    sign with letsencrypt
+}
+{% endfor %}

ansible/roles/ssl/templates/httpd.conf

@@ -0,0 +1,28 @@
+# {{ ansible_managed }}
+server "{{ inventory_hostname }}" {
+    listen on * port 80
+    location "/.well-known/acme-challenge/*" {
+        root "/acme"
+        request strip 2
+    }
+    location * {
+        block return 302 "https://$HTTP_HOST$REQUEST_URI"
+    }
+}
+
+{% for vhost in domains %}
+server "{{ vhost }}" {
+    listen on * tls port 443
+    tls {
+        certificate "/etc/ssl/{{ vhost }}.fullchain.pem"
+        key "/etc/ssl/private/{{ vhost }}.key"
+    }
+    location "/.well-known/acme-challenge/*" {
+        root "/acme"
+        request strip 2
+    }
+    location * {
+        root "/vhosts/{{ vhost }}"
+    }
+}
+{% endfor %}