From c970c562a92f7d5846fc19230481792eed26c217 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Fri, 15 Nov 2024 11:25:50 +0100
Subject: [PATCH] nginx: support certificates for multiple domains
Uses `tls_domains` config context property from NetBox.
---
 roles/nginx/README.md | 3 +++
 roles/nginx/tasks/main.yml | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 roles/nginx/README.md
diff --git a/roles/nginx/README.md b/roles/nginx/README.md
new file mode 100644
index 0000000..6392617
--- /dev/null
+++ b/roles/nginx/README.md
@@ -0,0 +1,3 @@
+Install nginx, set up generic HTTPS redirects and the .well-known directory.
+
+Acquire Let’s Encrypt certificates for the primary IP `dns_name` and any domains listed in the `tls_domains` context property.
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 2fb8a50..a57e009 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -26,7 +26,11 @@
 - name: Get LE certificate
 command:
- cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
+ cmd: >
+ certbot certonly
+ --non-interactive --agree-tos --register-unsafely-without-email
+ --webroot --webroot-path /srv/http
+ -d {{ ([dns_name] + tls_domains|default([])) | join(',') }}
 creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
 - name: Install certificate renewal deployment hook
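Review bot: The `creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'` guard in the "Get LE certificate" task is still keyed on `dns_name` alone, so on a host that already holds a certificate the task is skipped and names added to `tls_domains` later never reach the certificate. Re-running for a changed name list needs a guard that compares the requested names with those in the existing certificate, and the certbot call would then likely need `--cert-name {{ dns_name }} --expand` so the existing lineage is extended rather than a second one being created. Separately, the `tls_domains` values come from NetBox and are templated into a single `cmd` string that the command module splits into words, so an entry containing whitespace turns into additional certbot arguments; passing the command as an `argv:` list keeps the joined domain list as exactly one argument to `-d`.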