Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/generic-certbot/README.md

@@ -0,0 +1,32 @@
+# Certbot
+
+## 🔥 Description
+
+This Ansible role automates the installation and configuration of [Certbot](https://certbot.eff.org/), a free and open-source tool for automating the deployment of [Let's Encrypt](https://letsencrypt.org/) certificates. It also handles the setup of DNS plugins for ACME challenges.
+
+## 📖 Overview
+
+Optimized for Archlinux, this role ensures secure SSL/TLS certificate generation with minimal manual intervention. It supports both `webroot` and `DNS-01` validation methods, providing flexibility based on your infrastructure needs.
+
+### Key Features
+- **Automatic Installation:** Installs `certbot` and the necessary DNS plugin via pacman.
+- **Dynamic DNS Plugin Support:** Automatically installs the correct `certbot-dns-<provider>` package based on your selected challenge method.
+- **Credential Management:** Creates secure credential files for DNS API tokens when using DNS-01 validation.
+- **Idempotent Execution:** Tasks are intelligently executed only once per playbook run.
+
+## 🎯 Purpose
+
+The Certbot role provides a ready-to-use, automated solution for SSL/TLS management in your infrastructure. Whether you're managing traditional servers or containerized environments, this role ensures your certificates are always in place and valid.
+
+## 🚀 Features
+
+- **Certbot Installation:** Ensures the latest version of Certbot is installed.
+- **DNS Plugin Installation:** Installs a matching plugin based on your configured ACME challenge method.
+- **Credential Directory Management:** Creates a secured `/etc/certbot` directory with proper permissions.
+- **API Token File Setup:** Manages API token files securely for DNS challenge authentication.
+
+## 🔗 Learn More
+
+- [Certbot Official Website](https://certbot.eff.org/)
+- [Let's Encrypt](https://letsencrypt.org/)
+- [ACME Challenge Types (Wikipedia)](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment)

roles/generic-certbot/meta/main.yml

@@ -0,0 +1,28 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automates the installation and configuration of Certbot for SSL/TLS certificate management"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - certbot
+    - ssl
+    - tls
+    - https
+    - encryption
+    - letsencrypt
+    - acme
+    - automation
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+dependencies: []

roles/generic-certbot/tasks/main.yml

@@ -0,0 +1,41 @@
+- name: install certbot
+  pacman:
+    name: certbot
+    state: present
+  when: run_once_certbot is not defined
+
+- name: install certbot DNS plugin
+  pacman:
+    name: "certbot-dns-{{ certbot_acme_challenge_method }}"
+    state: present
+  when:
+    - run_once_certbot is not defined
+    - certbot_acme_challenge_method != 'webroot'
+
+- name: Ensure /etc/certbot directory exists
+  file:
+    path:   "{{ certbot_credentials_dir }}"
+    state:  directory
+    owner:  root
+    group:  root
+    mode:   '0755'
+  when:
+    - run_once_certbot is not defined
+    - certbot_acme_challenge_method != 'webroot'
+
+- name: Install plugin credentials file
+  copy:
+    dest: "{{ certbot_credentials_file }}"
+    content: |
+      dns_{{ certbot_acme_challenge_method }}_api_token = {{ certbot_dns_api_token }}
+    owner: root
+    group: root
+    mode: '0600'
+  when:
+    - run_once_certbot is not defined
+    - certbot_acme_challenge_method != 'webroot'
+
+- name: run the certbot role once
+  set_fact:
+    run_once_certbot: true
+  when: run_once_certbot is not defined