add super secret secrets

ansible/roles/lego/tasks/generate_cert.yaml

@@ -0,0 +1,19 @@
+- name: Gather package facts
+  ansible.builtin.package_facts:
+    manager: auto  
+
+- name: Generate initial cert (http)
+  command:
+    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
+    chdir: /root
+    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+
+- name: Generate initial cert (dns)
+  command:
+    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} run
+    chdir: /root
+    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+    environment:
+      LINODE_POLLING_INTERVAL: 120
+      LINODE_PROPAGATION_TIMEOUT: 600
+      LINODE_TOKEN: {{ linode_dns_token }}