improve acmetool enable/disable

tasks/acme.yml

@@ -1,38 +1,24 @@
 ---
-
 - name: Copy shell script to enable tls sites
+  become: true
   copy:
     src: 'files/acmetool/enable_tls.sh'
     dest: '/etc/acme/hooks/enable_tls.sh'
     owner: root
     group: root
     mode: 'u=rx,g=r,o='
-  tags:
-    - configuration
-    - acme
-
 
 - name: Get certificate for default server
+  become: true
   command: acmetool want '{{ inventory_hostname }}'
   args:
     creates: '/var/lib/acme/live/{{ inventory_hostname }}'
-  tags:
-    - configuration
-    - acme
-    - certificates
-    - operation
-
 
 - name: Get certificates for all configured sites
-  #command: acmetool want '{{ site.name }}' '{{ site.altnames | default([]) | join(" ") }}'
+  become: true
   command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}'
   args:
     creates: '/var/lib/acme/live/{{ site.name }}/'
   with_items: '{{ nginx_sites }}'
   loop_control:
     loop_var: site
-  tags:
-    - configuration
-    - acme
-    - certificates
-    - operation

tasks/main.yml

@@ -31,6 +31,4 @@
 
 - name: Configure acmetool and obtain certificates
   include_tasks: acme.yml
-  tags:
-    - configuration
-    - acme
+  when: nginx__acmetool_enabled

tasks/single_site.yml

@@ -7,7 +7,6 @@
     owner: root
     group: root
     mode: 'u=rw,g=r,o=r'
-  #when: site.http_plain_template | default(True)
   notify:
     - systemctl reload nginx
 
@@ -19,7 +18,6 @@
     owner: root
     group: root
     mode: 'u=rw,g=r,o=r'
-  #when: not site.redirect_target | default(True)
   notify:
     - systemctl reload nginx
 
@@ -56,23 +54,6 @@
   notify:
     - systemctl reload nginx
 
-#- name: Copy additional per site '{{ site.name }}' snippet files
-#  become: true
-#  template:
-#    src: 'files/nginx/snippets/{{ item }}'
-#    dest: '/etc/nginx/snippets/{{ item }}'
-#    owner: root
-#    group: root
-#    mode: 'u=rw,g=r,o=r'
-#  with_items: '{{ site.snippets }}'
-#  when: site.snippets | default([])
-#  notify:
-#    - systemctl reload nginx
-#  tags:
-#    - configuration
-#    - nginx
-#    - sites
-
 - name: Enable '{{ site.name }}' site plain http configuration
   become: true
   file:
@@ -84,11 +65,12 @@
     - systemctl reload nginx
 
 # Note: done by acmetool after sucessfully obtaining a suitable certificate
-#- name: Enable '{{ site.name }}' site tls configuration
-#  become: true
-#  file:
-#    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
-#    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
-#    state: link
-#  notify:
-#    - systemctl reload nginx
+- name: Enable '{{ site.name }}' site tls configuration
+  become: true
+  file:
+    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
+    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
+    state: link
+  notify:
+    - systemctl reload nginx
+  when: not nginx__acmetool_enabled