From b72676a1bbb3000e109c2d5213bbdef1bc73c4d3 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 11 Aug 2025 10:39:54 -0500
Subject: [PATCH] nextcloud: Fetch HTTPS cert from Kubernetes

Since Nextcloud uses the _pyrocufflink.net_ wildcard certificate, we can
load it directly from the Kubernetes Secret, rather than from the file
in the _certs_ submodule, just like Gitea et al.
---
 hosts                         | 1 +
 roles/nextcloud/meta/main.yml | 8 --------
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/hosts b/hosts
index f25e0b9..1dcffea 100644
--- a/hosts
+++ b/hosts
@@ -278,6 +278,7 @@ file0.pyrocufflink.blue
 [wildcard-cert:children]
 file-servers
 gitea
+nextcloud
 pxe
 
 [zezere]
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
index 5804638..a0a6823 100644
--- a/roles/nextcloud/meta/main.yml
+++ b/roles/nextcloud/meta/main.yml
@@ -3,11 +3,3 @@ dependencies:
 - role: redis
   tags:
   - redis
-- role: cert
-  vars:
-    cert_src: lego/_.pyrocufflink.net.crt
-    cert_dest: '{{ apache_ssl_certificate }}'
-    cert_key_src: lego/_.pyrocufflink.net.key
-    cert_key_dest: '{{ apache_ssl_certificate_key }}'
-  tags:
-  - nextcloud