From e49223e043a2903712e65e77cc4de600094bfa77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 12 Dec 2023 11:49:52 +0100
Subject: [PATCH 1/7] [mod] role:postgresql:minor stuff
---
 ansible/roles/postgresql/tasks/main.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ansible/roles/postgresql/tasks/main.json b/ansible/roles/postgresql/tasks/main.json
index b5d7a50..d870dc8 100644
--- a/ansible/roles/postgresql/tasks/main.json
+++ b/ansible/roles/postgresql/tasks/main.json
@@ -10,13 +10,13 @@
 },
 {
 "name": "get version",
- "ansible.builtin.command": {
- "cmd": "ls /etc/postgresql"
+ "ansible.builtin.shell": {
+ "cmd": "ls /etc/postgresql | sort -n | tail -n 1"
 },
 "register": "temp_version_output"
 },
 {
- "name": "set port",
+ "name": "config",
 "become": true,
 "ansible.builtin.template": {
 "src": "postgresql.conf.j2",
@@ -24,7 +24,7 @@
 }
 },
 {
- "name": "restart service",
+ "name": "apply",
 "become": true,
 "ansible.builtin.systemd_service": {
 "state": "restarted",
From 9a01b674b3b1b29b16067d78f2671e9cedce10ee Mon Sep 17 00:00:00 2001
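Review bot: The new `cmd` in the "get version" task pipes `ls /etc/postgresql` through `sort` and `tail`, so the task's exit status is now that of `tail`, and a missing or empty `/etc/postgresql` registers an empty `temp_version_output` instead of failing. Later tasks that build paths from that value (outside this hunk, so inferred) would then run with `become` against a malformed path. Add `"failed_when": "temp_version_output.stdout | length == 0"` and `"changed_when": false` to the task, or list the directory with `ansible.builtin.find` rather than parsing `ls` output. The task list starts and ends outside the hunk.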
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 12 Dec 2023 11:57:33 +0100
Subject: [PATCH 2/7] [fix] postgresql invocation for synapse
---
 .../roles/postgresql-for-synapse/defaults/main.json | 5 +++++
 .../tasks/main.json | 12 ++++++------
 .../defaults/main.json | 7 -------
 ansible/roles/postgresql:client-for-synapse/info.md | 3 ---
 .../postgresql:client-for-synapse/tasks/main.json | 10 ----------
 .../templates/database.yaml.j2 | 10 ----------
 .../defaults/main.json | 5 -----
 ansible/roles/synapse/defaults/main.json | 6 ++++++
 ansible/roles/synapse/info.md | 3 ++-
 ansible/roles/synapse/templates/homeserver.yaml.j2 | 13 +++++++++++++
 10 files changed, 32 insertions(+), 42 deletions(-)
 create mode 100644 ansible/roles/postgresql-for-synapse/defaults/main.json
 rename ansible/roles/{postgresql:server-for-synapse => postgresql-for-synapse}/tasks/main.json (66%)
 delete mode 100644 ansible/roles/postgresql:client-for-synapse/defaults/main.json
 delete mode 100644 ansible/roles/postgresql:client-for-synapse/info.md
 delete mode 100644 ansible/roles/postgresql:client-for-synapse/tasks/main.json
 delete mode 100644 ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2
 delete mode 100644 ansible/roles/postgresql:server-for-synapse/defaults/main.json
diff --git a/ansible/roles/postgresql-for-synapse/defaults/main.json b/ansible/roles/postgresql-for-synapse/defaults/main.json
new file mode 100644
index 0000000..3c4645a
--- /dev/null
+++ b/ansible/roles/postgresql-for-synapse/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_postgresql_for_synapse_username": "synapse_user",
+ "var_postgresql_for_synapse_password": "synapse_password",
+ "var_postgresql_for_synapse_schema": "synapse"
+}
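Review bot: `var_postgresql_for_synapse_password` defaults to the literal `synapse_password` in the new defaults file, so any inventory that does not override it creates the database role with a publicly known password. The `tlscert_acme_netcup` defaults in this repository already use `REPLACE_ME` for the API key; do the same here, `"var_postgresql_for_synapse_password": "REPLACE_ME"`, and have the role stop with an `ansible.builtin.assert` at the top of its tasks file while the value is unchanged. Real values belong in an encrypted vars file rather than in role defaults.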
diff --git a/ansible/roles/postgresql:server-for-synapse/tasks/main.json b/ansible/roles/postgresql-for-synapse/tasks/main.json
similarity index 66%
rename from ansible/roles/postgresql:server-for-synapse/tasks/main.json
rename to ansible/roles/postgresql-for-synapse/tasks/main.json
index 70d54ea..7b6cee0 100644
--- a/ansible/roles/postgresql:server-for-synapse/tasks/main.json
+++ b/ansible/roles/postgresql-for-synapse/tasks/main.json
@@ -15,8 +15,8 @@
 "become_user": "postgres",
 "community.postgresql.postgresql_user": {
 "state": "present",
- "name": "{{var_postgresql_server_for_synapse_username}}",
- "password": "{{var_postgresql_server_for_synapse_password}}"
+ "name": "{{var_postgresql_for_synapse_username}}",
+ "password": "{{var_postgresql_for_synapse_password}}"
 }
 },
 {
@@ -26,8 +26,8 @@
 "community.postgresql.postgresql_db": {
 "state": "present",
 "template": "template0",
- "name": "{{var_postgresql_server_for_synapse_schema}}",
- "owner": "{{var_postgresql_server_for_synapse_username}}",
+ "name": "{{var_postgresql_for_synapse_schema}}",
+ "owner": "{{var_postgresql_for_synapse_username}}",
 "encoding": "UTF-8",
 "lc_collate": "C",
 "lc_ctype": "C"
@@ -39,9 +39,9 @@
 "become_user": "postgres",
 "community.postgresql.postgresql_privs": {
 "state": "present",
- "db": "{{var_postgresql_server_for_synapse_schema}}",
+ "db": "{{var_postgresql_for_synapse_schema}}",
 "objs": "ALL_IN_SCHEMA",
- "roles": "{{var_postgresql_server_for_synapse_username}}",
+ "roles": "{{var_postgresql_for_synapse_username}}",
 "privs": "ALL",
 "grant_option": true
 }
diff --git a/ansible/roles/postgresql:client-for-synapse/defaults/main.json b/ansible/roles/postgresql:client-for-synapse/defaults/main.json
deleted file mode 100644
index e6aa567..0000000
--- a/ansible/roles/postgresql:client-for-synapse/defaults/main.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "var_postgresql_client_for_synapse_host": "localhost",
- "var_postgresql_client_for_synapse_port": "5432",
- "var_postgresql_client_for_synapse_username": "synapse_user",
- "var_postgresql_client_for_synapse_password": "synapse_password",
- "var_postgresql_client_for_synapse_schema": "synapse"
-}
diff --git a/ansible/roles/postgresql:client-for-synapse/info.md b/ansible/roles/postgresql:client-for-synapse/info.md
deleted file mode 100644
index 60c6159..0000000
--- a/ansible/roles/postgresql:client-for-synapse/info.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Verweise
-
-- [Synapse-Dokumentation](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)
diff --git a/ansible/roles/postgresql:client-for-synapse/tasks/main.json b/ansible/roles/postgresql:client-for-synapse/tasks/main.json
deleted file mode 100644
index 11d9e15..0000000
--- a/ansible/roles/postgresql:client-for-synapse/tasks/main.json
+++ /dev/null
@@ -1,10 +0,0 @@
-[
- {
- "name": "emplace configuration file",
- "become": true,
- "ansible.builtin.template": {
- "src": "database.yaml.j2",
- "dest": "/etc/matrix-synapse/conf.d/database.yaml"
- }
- }
-]
diff --git a/ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2 b/ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2
deleted file mode 100644
index 60c4872..0000000
--- a/ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-database:
- name: psycopg2
- args:
- host: {{var_postgresql_client_for_synapse_host}}
- port: {{var_postgresql_client_for_synapse_port}}
- database: "{{var_postgresql_client_for_synapse_schema}}"
- user: "{{var_postgresql_client_for_synapse_username}}"
- password: "{{var_postgresql_client_for_synapse_password}}"
- cp_min: 5
- cp_max: 10
diff --git a/ansible/roles/postgresql:server-for-synapse/defaults/main.json b/ansible/roles/postgresql:server-for-synapse/defaults/main.json deleted file mode 100644 index 794f33d..0000000 --- a/ansible/roles/postgresql:server-for-synapse/defaults/main.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "var_postgresql_server_for_synapse_username": "synapse_user", - "var_postgresql_server_for_synapse_password": "synapse_password", - "var_postgresql_server_for_synapse_schema": "synapse" -} diff --git a/ansible/roles/synapse/defaults/main.json b/ansible/roles/synapse/defaults/main.json index 72fc7b1..7c28902 100644 --- a/ansible/roles/synapse/defaults/main.json +++ b/ansible/roles/synapse/defaults/main.json @@ -1,6 +1,12 @@ { "var_synapse_scheme": "https", "var_synapse_domain": "matrix.example.org", + "var_synaspe_database_kind": "postgresql", + "var_synaspe_database_postgresql_host": "localhost", + "var_synaspe_database_postgresql_port": "5432", + "var_synaspe_database_postgresql_username": "synapse_user", + "var_synaspe_database_postgresql_password": "synapse_password", + "var_synaspe_database_postgresql_schema": "synapse" "var_synapse_element_url": "https://element.example.org", "var_synapse_title": "Example | Matrix", "var_synapse_federation_whitelist": "[]", diff --git a/ansible/roles/synapse/info.md b/ansible/roles/synapse/info.md index b098a2c..9f4407e 100644 --- a/ansible/roles/synapse/info.md +++ b/ansible/roles/synapse/info.md @@ -1,10 +1,11 @@ ## Beschreibung +Zur Einrichtung des [matrix.org](https://matrix.org/)-Servers Synapse ## Verweise -- [matrix.org](https://matrix.org/) - [ubuntuusers-Wiki-Eintrag](https://wiki.ubuntuusers.de/Matrix_synapse/) - [GitHub-Repository](https://github.com/matrix-org/synapse) - [Configuration Manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html) +- [Dokumentation | PostgreSQL](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres) 
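Review bot: The six keys added to `synapse/defaults/main.json` are spelled `var_synaspe_…`, while the `homeserver.yaml.j2` hunk of the same patch reads `var_synapse_database_postgresql_host`, `…_port`, `…_schema`, `…_username` and `…_password`; only its `{% if %}` guard uses the misspelled prefix. As written these defaults never reach the `database:` block, so rendering depends on the inventory defining the correctly spelled names. Rename the keys to `var_synapse_database_…` and adjust the guard to match. The default `synapse_password` is also a second copy of the one in `postgresql-for-synapse/defaults/main.json`, and a known default credential is no safer here than there.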
diff --git a/ansible/roles/synapse/templates/homeserver.yaml.j2 b/ansible/roles/synapse/templates/homeserver.yaml.j2 index 0dc29ce..e923528 100644 --- a/ansible/roles/synapse/templates/homeserver.yaml.j2 +++ b/ansible/roles/synapse/templates/homeserver.yaml.j2 @@ -1,3 +1,16 @@ +{% if var_synaspe_database_kind == 'postgresql' %} +database: + name: psycopg2 + args: + host: {{var_synapse_database_postgresql_host}} + port: {{var_synapse_database_postgresql_port}} + database: "{{var_synapse_database_postgresql_schema}}" + user: "{{var_synapse_database_postgresql_username}}" + password: "{{var_synapse_database_postgresql_password}}" + cp_min: 5 + cp_max: 10 +{% endif %} + no_tls: True tls_fingerprints: [] From f8fd3e3093dc3248dbd60be1ec82778f17800e38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 12 Dec 2023 11:58:28 +0100 Subject: [PATCH 3/7] [fix] role:synapse --- ansible/roles/synapse/defaults/main.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/synapse/defaults/main.json b/ansible/roles/synapse/defaults/main.json index 7c28902..32550cb 100644 --- a/ansible/roles/synapse/defaults/main.json +++ b/ansible/roles/synapse/defaults/main.json @@ -6,7 +6,7 @@ "var_synaspe_database_postgresql_port": "5432", "var_synaspe_database_postgresql_username": "synapse_user", "var_synaspe_database_postgresql_password": "synapse_password", - "var_synaspe_database_postgresql_schema": "synapse" + "var_synaspe_database_postgresql_schema": "synapse", "var_synapse_element_url": "https://element.example.org", "var_synapse_title": "Example | Matrix", "var_synapse_federation_whitelist": "[]", From 7f50d3e9bc52621f2eef7e7032b63df91a2d53a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 13 Dec 2023 18:04:57 +0100 Subject: [PATCH 4/7] [fix] role:tlscert_acme_netcup --- .../roles/tlscert_acme_netcup/tasks/main.json | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
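Review bot: In the added `database:` block the password, user and schema are interpolated between literal double quotes, so a value containing `"` or `\` produces invalid YAML or changes the structure of the rendered file. Let a filter do the quoting, `password: {{ var_synapse_database_postgresql_password | to_json }}`, and the same for `user` and `database`. The rendered `homeserver.yaml` now carries the database credential, so the task that deploys this template (not visible in this patch) should set a restrictive `mode` and an explicit `owner`.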
diff --git a/ansible/roles/tlscert_acme_netcup/tasks/main.json b/ansible/roles/tlscert_acme_netcup/tasks/main.json
index ed198dd..4a9f98f 100644
--- a/ansible/roles/tlscert_acme_netcup/tasks/main.json
+++ b/ansible/roles/tlscert_acme_netcup/tasks/main.json
@@ -1,14 +1,24 @@
 [
 {
- "name": "packages",
+ "name": "packages | debian",
 "become": true,
 "ansible.builtin.apt": {
 "pkg": [
 "openssl",
- "python3-cryptography"
+ "python3-cryptography",
+ "python3-pip"
 ]
 }
 },
+ {
+ "name": "packages | python",
+ "ansible.builtin.pip": {
+ "name": "nc_dnsapi"
+ },
+ "environment": {
+ "PIP_BREAK_SYSTEM_PACKAGES": "1"
+ }
+ },
 {
 "name": "setup directories | keys",
 "become": true,
@@ -105,7 +115,7 @@
 "name": "dns challenge | wait",
 "when": "'challenge_data' in temp_acme_data",
 "ansible.builtin.pause": {
- "seconds": 60
+ "seconds": 300
 }
 },
 {
From e51bdb478a0d6cf270a8cccd4db5cc47eedf53e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Wed, 13 Dec 2023 18:38:31 +0100
Subject: [PATCH 5/7] [mod] role:tlscert_acme_netcup:added challenge_delay variable
---
 ansible/roles/tlscert_acme_netcup/defaults/main.json | 1 +
 ansible/roles/tlscert_acme_netcup/tasks/main.json | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/tlscert_acme_netcup/defaults/main.json b/ansible/roles/tlscert_acme_netcup/defaults/main.json
index bd60538..7349310 100644
--- a/ansible/roles/tlscert_acme_netcup/defaults/main.json
+++ b/ansible/roles/tlscert_acme_netcup/defaults/main.json
@@ -6,5 +6,6 @@
 "var_tlscert_acme_netcup_netcup_api_key": "REPLACE_ME",
 "var_tlscert_acme_netcup_domain_base": "example.org",
 "var_tlscert_acme_netcup_domain_path": "foo",
+ "var_tlscert_acme_netcup_challenge_delay": 300,
 "var_tlscert_acme_netcup_ssl_directory": "/etc/ssl"
 }
diff --git a/ansible/roles/tlscert_acme_netcup/tasks/main.json b/ansible/roles/tlscert_acme_netcup/tasks/main.json
index 4a9f98f..66db8c4 100644
--- a/ansible/roles/tlscert_acme_netcup/tasks/main.json
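Review bot: The added "packages | python" task installs `nc_dnsapi` from the package index without a version, so each run may pull whatever release is current onto a host that holds the netcup API key and the ACME account key. Pin it, `"name": "nc_dnsapi==<PINNED_VERSION>"`, and consider installing into a dedicated environment through the module's `virtualenv` parameter instead of setting `PIP_BREAK_SYSTEM_PACKAGES`, which switches off the distribution's guard against pip overwriting system-managed Python packages. The task also has no `become`, unlike its neighbours; confirm that a user-level install is intended and is visible to the interpreter that later runs the DNS challenge.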
+++ b/ansible/roles/tlscert_acme_netcup/tasks/main.json
@@ -115,7 +115,7 @@
 "name": "dns challenge | wait",
 "when": "'challenge_data' in temp_acme_data",
 "ansible.builtin.pause": {
- "seconds": 300
+ "seconds": "{{var_tlscert_acme_netcup_challenge_delay}}"
 }
 },
 {
From 2f1cd74a795f794ba392df4f1e0d0861aec8f851 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 14 Dec 2023 09:56:19 +0100
Subject: [PATCH 6/7] [add] role:tlscert_existing
---
 .../roles/tlscert_existing/defaults/main.json | 7 ++++
 .../roles/tlscert_existing/tasks/main.json | 32 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 ansible/roles/tlscert_existing/defaults/main.json
 create mode 100644 ansible/roles/tlscert_existing/tasks/main.json
diff --git a/ansible/roles/tlscert_existing/defaults/main.json b/ansible/roles/tlscert_existing/defaults/main.json
new file mode 100644
index 0000000..0a042c4
--- /dev/null
+++ b/ansible/roles/tlscert_existing/defaults/main.json
@@ -0,0 +1,7 @@
+{
+ "var_tlscert_existing_key_path": "/tmp/key.pem",
+ "var_tlscert_existing_cert_path": "/tmp/cert.pem",
+ "var_tlscert_existing_domain_base": "example.org",
+ "var_tlscert_existing_domain_path": "foo",
+ "var_tlscert_existing_ssl_directory": "/etc/ssl"
+}
diff --git a/ansible/roles/tlscert_existing/tasks/main.json b/ansible/roles/tlscert_existing/tasks/main.json
new file mode 100644
index 0000000..9b3ad3e
--- /dev/null
+++ b/ansible/roles/tlscert_existing/tasks/main.json
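Review bot: `var_tlscert_existing_key_path` and `var_tlscert_existing_cert_path` default to `/tmp/key.pem` and `/tmp/cert.pem` in the new defaults file, which is a world-writable directory. If the inventory leaves them unset, whatever file sits at that path at run time is installed as the host's TLS private key and certificate, and any local user on the machine where `src` is resolved can place one there. Prefer a default that cannot resolve by accident, for example `"var_tlscert_existing_key_path": "REPLACE_ME"`, so that a missing override fails at the copy step.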
@@ -0,0 +1,32 @@
+[
+ {
+ "name": "directories",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{item}}"
+ },
+ "loop": [
+ "{{var_tlscert_existing_ssl_directory}}/private",
+ "{{var_tlscert_existing_ssl_directory}}/csr",
+ "{{var_tlscert_existing_ssl_directory}}/certs",
+ "{{var_tlscert_existing_ssl_directory}}/fullchains"
+ ]
+ },
+ {
+ "name": "key",
+ "become": true,
+ "ansible.builtin.copy": {
+ "src": "{{var_tlscert_existing_key_path}}",
+ "dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ }
+ },
+ {
+ "name": "cert",
+ "become": true,
+ "ansible.builtin.copy": {
+ "src": "{{var_tlscert_existing_cert_path}}",
+ "dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ }
+ }
+]
From 10a2e47a3f9f6fbf4f000ddd868d176d9cefc4b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 14 Dec 2023 10:01:08 +0100
Subject: [PATCH 7/7] [mod] tls roles: use loop for setting up directories
---
 .../roles/tlscert_acme_inwx/tasks/main.json | 42 ++++++-------------
 .../roles/tlscert_acme_netcup/tasks/main.json | 40 +++++-------------
 .../roles/tlscert_existing/tasks/main.json | 10 ++---
 .../roles/tlscert_selfsigned/tasks/main.json | 34 ++++-----------
 4 files changed, 36 insertions(+), 90 deletions(-)
diff --git a/ansible/roles/tlscert_acme_inwx/tasks/main.json b/ansible/roles/tlscert_acme_inwx/tasks/main.json
index 2dba8d0..d7016ba 100644
--- a/ansible/roles/tlscert_acme_inwx/tasks/main.json
+++ b/ansible/roles/tlscert_acme_inwx/tasks/main.json
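Review bot: The "key" task copies the private key to `…/private/….pem` without `mode`, `owner` or `group`, and the "directories" loop creates `private` with the same default permissions as `certs`, so the resulting access rights depend on the remote umask and are typically world-readable. Add `"mode": "0600"` to the key copy, with `owner` and `group` set to the account that has to read it, and create `private` with `"mode": "0700"`, which means taking it out of the shared loop or looping over path/mode pairs. The loops introduced for `tlscert_acme_inwx`, `tlscert_acme_netcup` and `tlscert_selfsigned` in patch 7 create their `private` directory the same way.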
@@ -10,39 +10,21 @@
 }
 },
 {
- "name": "setup directories | keys",
+ "name": "directories | ssl",
 "become": true,
+ "loop": [
+ "{{var_tlscert_acme_inwx_ssl_directory}}/private",
+ "{{var_tlscert_acme_inwx_ssl_directory}}/csr",
+ "{{var_tlscert_acme_inwx_ssl_directory}}/certs",
+ "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
+ ],
 "ansible.builtin.file": {
 "state": "directory",
- "path": "{{var_tlscert_acme_inwx_ssl_directory}}/private"
+ "path": "{{item}}"
 }
 },
 {
- "name": "setup directories | certs",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_inwx_ssl_directory}}/certs"
- }
- },
- {
- "name": "setup directories | csr",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr"
- }
- },
- {
- "name": "setup directories | fullchains",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
- }
- },
- {
- "name": "setup directories | Let's Encrypt account key",
+ "name": "directories | Let's Encrypt account key",
 "become": true,
 "ansible.builtin.file": {
 "state": "directory",
@@ -50,14 +32,14 @@
 }
 },
 {
- "name": "csr | generate private key",
+ "name": "key",
 "become": true,
 "community.crypto.openssl_privatekey": {
 "path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
 }
 },
 {
- "name": "csr | execute",
+ "name": "csr",
 "become": true,
 "community.crypto.openssl_csr": {
 "common_name": "{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}",
@@ -66,7 +48,7 @@
 }
 },
 {
- "name": "acme | generate account key",
+ "name": "acme | account key",
 "become": true,
 "ansible.builtin.shell": {
 "cmd": "test -f {{var_tlscert_acme_inwx_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_inwx_acme_account_key_path}}"
diff --git a/ansible/roles/tlscert_acme_netcup/tasks/main.json b/ansible/roles/tlscert_acme_netcup/tasks/main.json
index 66db8c4..37ad51c 100644
--- a/ansible/roles/tlscert_acme_netcup/tasks/main.json
+++ b/ansible/roles/tlscert_acme_netcup/tasks/main.json
@@ -20,39 +20,21 @@
 }
 },
 {
- "name": "setup directories | keys",
+ "name": "directories | ssl",
 "become": true,
+ "loop": [
+ "{{var_tlscert_acme_netcup_ssl_directory}}/private",
+ "{{var_tlscert_acme_netcup_ssl_directory}}/csr",
+ "{{var_tlscert_acme_netcup_ssl_directory}}/certs",
+ "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
+ ],
 "ansible.builtin.file": {
 "state": "directory",
- "path": "{{var_tlscert_acme_netcup_ssl_directory}}/private"
+ "path": "{{item}}"
 }
 },
 {
- "name": "setup directories | certs",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_netcup_ssl_directory}}/certs"
- }
- },
- {
- "name": "setup directories | csr",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr"
- }
- },
- {
- "name": "setup directories | fullchains",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
- }
- },
- {
- "name": "setup directories | Let's Encrypt account key",
+ "name": "directories | Let's Encrypt account key",
 "become": true,
 "ansible.builtin.file": {
 "state": "directory",
@@ -60,14 +42,14 @@
 }
 },
 {
- "name": "csr | generate private key",
+ "name": "key",
 "become": true,
 "community.crypto.openssl_privatekey": {
 "path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
 }
 },
 {
- "name": "csr | execute",
+ "name": "csr",
 "become": true,
 "community.crypto.openssl_csr": {
 "common_name": "{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}",
diff --git a/ansible/roles/tlscert_existing/tasks/main.json b/ansible/roles/tlscert_existing/tasks/main.json
index 9b3ad3e..63e9895 100644
--- a/ansible/roles/tlscert_existing/tasks/main.json
+++ b/ansible/roles/tlscert_existing/tasks/main.json
@@ -2,16 +2,16 @@
 {
 "name": "directories",
 "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{item}}"
- },
 "loop": [
 "{{var_tlscert_existing_ssl_directory}}/private",
 "{{var_tlscert_existing_ssl_directory}}/csr",
 "{{var_tlscert_existing_ssl_directory}}/certs",
 "{{var_tlscert_existing_ssl_directory}}/fullchains"
- ]
+ ],
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{item}}"
+ }
 },
 {
 "name": "key",
diff --git a/ansible/roles/tlscert_selfsigned/tasks/main.json b/ansible/roles/tlscert_selfsigned/tasks/main.json
index dacb9f0..96d3863 100644
--- a/ansible/roles/tlscert_selfsigned/tasks/main.json
+++ b/ansible/roles/tlscert_selfsigned/tasks/main.json
@@ -10,35 +10,17 @@
 }
 },
 {
- "name": "setup directories | keys",
+ "name": "setup directories",
 "become": true,
+ "loop": [
+ "{{var_tlscert_selfsigned_ssl_directory}}/private",
+ "{{var_tlscert_selfsigned_ssl_directory}}/csr",
+ "{{var_tlscert_selfsigned_ssl_directory}}/certs",
+ "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+ ],
 "ansible.builtin.file": {
 "state": "directory",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/private"
- }
- },
- {
- "name": "setup directories | certs",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/certs"
- }
- },
- {
- "name": "setup directories | csr",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/csr"
- }
- },
- {
- "name": "setup directories | fullchains",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+ "path": "{{item}}"
 }
 },
 {