Include letsencrypt setup & add woodpecker nginx config

tasks/nginx.yml

@@ -9,6 +9,7 @@
   loop:
     - { src: 'templates/nginx/default.j2', dest: '/etc/nginx/sites-available/default' }
     - { src: 'templates/nginx/forgejo.j2', dest: '/etc/nginx/sites-available/forgejo' }
+    - { src: 'templates/nginx/woodpecker.j2', dest: '/etc/nginx/sites-available/woodpecker' }
     - { src: 'templates/nginx/sentry.j2', dest: '/etc/nginx/sites-available/sentry' }
     - { src: 'templates/nginx/vpn.j2', dest: '/etc/nginx/sites-available/vpn' }
     - {
@@ -32,6 +33,10 @@
         src: '/etc/nginx/sites-available/forgejo',
         dest: '/etc/nginx/sites-enabled/forgejo',
       }
+    - {
+        src: '/etc/nginx/sites-available/woodpecker',
+        dest: '/etc/nginx/sites-enabled/woodpecker',
+      }
     - {
         src: '/etc/nginx/sites-available/sentry',
         dest: '/etc/nginx/sites-enabled/sentry',
@@ -43,4 +48,33 @@
       }
   notify: restart nginx
 
-# TODO: provision certbot configuration
+
+# Run the folowing command to regenerate a certificate:
+#
+# sudo certbot certonly \
+#    --authenticator standalone \
+#    --pre-hook 'systemctl stop nginx' \
+#    --post-hook 'systemctl start nginx' \
+#    --cert-name fudiggity.nl \
+#    -d fudiggity.nl \
+#    -d rss.fudiggity.nl \
+#    -d .....
+#
+# This will also save its configuration.
+#
+- name: copy letsencrypt configuration
+  become: true
+  template:
+    src: 'templates/letsencrypt/cli.j2'
+    dest: '/etc/letsencrypt/cli.ini'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart certbot
+
+- name: enable certbot periodic certificate renewal
+  become: true
+  systemd:
+    name: certbot.timer
+    state: started
+    enabled: true