nextcloud: Fetch HTTPS cert from Kubernetes

Since Nextcloud uses the _pyrocufflink.net_ wildcard certificate, we can
load it directly from the Kubernetes Secret, rather than from the file
in the _certs_ submodule, just like Gitea et al.

certs/websites/dustinandtabitha.com.cer

@@ -1 +0,0 @@
-../lego/dustinandtabitha.com.crt

certs/websites/dustinandtabitha.com.key

@@ -1 +0,0 @@
-../lego/dustinandtabitha.com.key

hosts

@@ -278,6 +278,7 @@ file0.pyrocufflink.blue
 [wildcard-cert:children]
 file-servers
 gitea
+nextcloud
 pxe
 
 [zezere]

roles/lego/files/lego-renew.timer

@@ -3,7 +3,7 @@ Description=Periodically renew certificates with LEGO
 
 [Timer]
 RandomizedDelaySec=15m
-OnActiveSec=4h
+OnCalendar=*-*-* 00/4:00:00
 
 [Install]
 WantedBy=timers.target

roles/nextcloud/meta/main.yml

@@ -3,11 +3,3 @@ dependencies:
 - role: redis
   tags:
   - redis
-- role: cert
-  vars:
-    cert_src: lego/_.pyrocufflink.net.crt
-    cert_dest: '{{ apache_ssl_certificate }}'
-    cert_key_src: lego/_.pyrocufflink.net.key
-    cert_key_dest: '{{ apache_ssl_certificate_key }}'
-  tags:
-  - nextcloud

roles/websites/dustinandtabitha.com/files/dustinandtabitha.httpd.conf

@@ -1,3 +1,5 @@
+MDomain dustinandtabitha.com
+
 <VirtualHost _default_:80>
 ServerName dustinandtabitha.com
 ServerAlias www.dustinandtabitha.com
@@ -11,8 +13,6 @@ ServerName dustinandtabitha.com
 ServerAlias www.dustinandtabitha.com
 
 Include conf.d/ssl.include
-SSLCertificateKeyFile /etc/pki/tls/private/dustinandtabitha.com.key
-SSLCertificateFile /etc/pki/tls/certs/dustinandtabitha.com.cer
 
 <IfModule mod_headers.c>
 	Header always set \

roles/websites/dustinandtabitha.com/meta/main.yml

@@ -1,9 +0,0 @@
-dependencies:
-- role: cert
-  vars:
-    cert_src: websites/dustinandtabitha.com.cer
-    cert_dest: /etc/pki/tls/certs/dustinandtabitha.com.cer
-    cert_key_src: websites/dustinandtabitha.com.key
-    cert_key_dest: /etc/pki/tls/private/dustinandtabitha.com.key
-  tags:
-  - websites/dustinandtabitha