Merge branch 'fix' into 'master'

- src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca

  scm: git

- src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_certs_httpd

  scm: git

- src: https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher

  scm: git

  roles:

    - freeipa_le_ca

- name: Install ssl-refresher

  hosts: ipaserver:ipareplicas

  become: yes

  vars:

    - ssl_refresher_success: |

        systemctl restart httpd.service

  roles:

    - ssl_refresher

- name: Bind ssl-refresher certs

  hosts: ipaserver:ipareplicas

  become: yes

  tasks:

    - name: Update IPA certs

      ansible.builtin.shell: ipa-certupdate

      changed_when: False

    - name: Put cert in httpd config

      ansible.builtin.lineinfile:

        path: "/etc/httpd/conf.d/ssl.conf"

        state: present

        insertafter: "^<VirtualHost +_default_:443>$"

        # insertbefore: "^</VirtualHost>$"

        regexp: "^SSLCertificateFile .*"

        line: "SSLCertificateFile /opt/ssl/fullchain.pem"

        backup: yes

      notify:

        - Restart ipa

    - name: Put key in httpd config

      ansible.builtin.lineinfile:

        path: "/etc/httpd/conf.d/ssl.conf"

        state: present

        insertafter: "^<VirtualHost +_default_:443>$"

        # insertbefore: "^</VirtualHost>$"

        regexp: "^SSLCertificateKeyFile .*"

        line: "SSLCertificateKeyFile /opt/ssl/privkey.pem"

        backup: yes

      notify:

        - Restart ipa

  handlers:

    - name: Restart ipa

      ansible.builtin.systemd:

        name: httpd.service

        state: restarted

  roles:

    - freeipa_le_certs_httpd

- name: Install ucarp with dependencies

  hosts: ipaserver:ipareplicas