From e50f413f5e353da5337e84f4403055ef15305e18 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Wed, 25 Apr 2018 20:03:32 +0300
Subject: [PATCH] roles/nginx: Use dynamic include_tasks for Let's Encrypt

Use dynamic includes instead of static imports when you are running tasks conditionally or using variable interpolation. The down side is that you need to then tag the parent task as well as all child tasks, as tags only apply to children of statically imported tasks.
---
 roles/nginx/tasks/letsencrypt.yml | 4 ++++
 roles/nginx/tasks/vhosts.yml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml
index fe132b1..5f8173d 100644
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -2,16 +2,20 @@

 - name: Copy systemd service to renew Let's Encrypt certs
 template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
+ tags: letsencrypt

 - name: Copy systemd timer to renew Let's Encrypt certs
 copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
+ tags: letsencrypt

 # always issues daemon-reload just in case the server/timer changed
 - name: Start and enable systemd timer to renew Let's Encrypt certs
 systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
+ tags: letsencrypt

 - name: Download certbot
 get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
+ tags: letsencrypt

 - name: Install certbot dependencies (Ubuntu 16.04)
 when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml
index 566939a..4ca136d 100644
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
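Review bot: The `Download certbot` task that gains a tag in the letsencrypt.yml hunk fetches an executable (`mode=700`) from `https://dl.eff.org/certbot-auto` with no integrity check, so whatever that URL serves at run time is installed as-is. `get_url` accepts a `checksum` argument; pinning it, e.g. `checksum=sha256:<PINNED_SHA256_OF_REVIEWED_COPY>`, makes the play fail instead of installing an unexpected script. Because the URL is unversioned, pinning presumably also means pointing `url` at a fixed release, which should be confirmed against what upstream publishes. The `Install certbot dependencies (Ubuntu 16.04)` task continues past the end of the hunk, so the rest of that file cannot be checked from here.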
@@ -32,7 +32,7 @@
 loop: "{{ nginx_vhosts }}"
 tags: wordpress

-- import_tasks: letsencrypt.yml
+- include_tasks: letsencrypt.yml
 when: use_letsencrypt is defined and use_letsencrypt == True
 tags: letsencrypt
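Review bot: With `include_tasks`, the `tags: letsencrypt` on this task no longer reaches the tasks inside letsencrypt.yml, so any child left untagged is silently skipped under `--tags letsencrypt`; the letsencrypt.yml hunk adds the tag to four tasks, but the rest of that file is outside the diff and cannot be confirmed. Where the Ansible version in use supports it (2.7 or later), `apply: { tags: letsencrypt }` under `include_tasks` (with `file: letsencrypt.yml`) tags every child from one place. The unchanged guard `use_letsencrypt == True` is also worth loosening to `when: use_letsencrypt | default(false) | bool`, since a string value such as one passed with `-e` does not equal `True` and certificate setup would then be skipped without an error.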