feat(server/certbot): add support for certbot

Signed-off-by: Matej Focko <me@mfocko.xyz>

inventory/servers.yml

@@ -4,3 +4,6 @@ servers:
     poincare:
     maxwell:
       system_sshd_port: 6969
+
+  vars:
+    cloudflare_token: None

roles/server/certbot/tasks/install.yml

@@ -0,0 +1,7 @@
+---
+- name: Install the Certbot and Cloudflare plugin
+  ansible.builtin.package:
+    name:
+      - certbot
+      - python3-certbot-dns-cloudflare
+    state: present

roles/server/certbot/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Packages
+  ansible.builtin.include_tasks: install.yml
+  tags: install
+
+- name: Install the Cloudflare secrets
+  ansible.builtin.template:
+    src: templates/cloudflare.ini
+    dest: /root/.secrets/cloudflare.ini
+    mode: 0600
+    owner: root
+    group: root

roles/server/certbot/templates/cloudflare.ini

@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{ cloudflare_token }}