fedora-infra_ansible/playbooks/include/proxies-certificates.yml

- name: Set up those proxy certificates.  Good gravy..
  hosts: proxies_stg:proxies
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  roles:

  - role: httpd/mod_ssl

  - role: httpd/certificate
    certname: wildcard-2020.fedoraproject.org
    SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: wildcard-2022.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: wildcard-2020.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2020.id.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: wildcard-2020.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2020.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    certname: wildcard-2021.app.os.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2021.app.os.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - app.os.stg.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2022.apps.ocp.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.apps.ocp.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - apps.ocp.stg.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2021.app.os.fedoraproject.org
    SSLCertificateChainFile: wildcard-2021.app.os.fedoraproject.org.intermediate.cert
    tags:
    - app.os.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2022.apps.ocp.fedoraproject.org
    SSLCertificateChainFile: wildcard-2021.apps.ocp.fedoraproject.org.intermediate.cert
    tags:
    - apps.ocp.fedoraproject.org

  - role: httpd/certificate
    certname: getfedora.org
    SSLCertificateChainFile: getfedora.org.intermediate.cert
    tags:
    - getfedora.org

  - role: httpd/certificate
    certname: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    certname: qa.fedoraproject.org
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: mirrors.centos.org
    SSLCertificateChainFile: mirrors.centos.org.intermediate.cert
    when: env != "staging"

  - role: httpd/certificate
    certname: mirrors.stg.centos.org
    SSLCertificateChainFile: mirrors.stg.centos.org.intermediate.cert
    when: env == "staging"

  # - role: httpd/certificate
  #   certname: secondary.koji.fedoraproject.org.letsencrypt
  #   SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt