fedora-infra_ansible/playbooks/include/proxies-certificates.yml

---
- name: Set up those proxy certificates.  Good gravy..
  hosts: proxies_stg:proxies
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  roles:

  - role: httpd/mod_ssl

  - role: httpd/certificate
    certname: wildcard-2025.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: wildcard-2025.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    certname: wildcard-2025.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.id.fedoraproject.org.intermediate.cert
    tags:
    - id.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2026.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2026.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - stg.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2026.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2026.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - stg.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2025.id.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.id.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    certname: wildcard-2025.apps.ocp.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.apps.ocp.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - apps.ocp.stg.fedoraproject.org

  - role: httpd/certificate
    certname: wildcard-2025.apps.ocp.fedoraproject.org
    SSLCertificateChainFile: wildcard-2025.apps.ocp.fedoraproject.org.intermediate.cert
    tags:
    - apps.ocp.fedoraproject.org

  # - role: httpd/certificate
  #   certname: secondary.koji.fedoraproject.org.letsencrypt
  #   SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt