More compatible playbook with new dna-gw hosts

playbooks/dna-gw.yml

@@ -15,9 +15,11 @@
   roles:
     - base
     - dhcpd
-    - nginx
+    - role: nginx
+      when: "'gw.home.foo.sh' in ssh_hostnames"
     - role: nginx_site
       nginx_site_name: gw.home.foo.sh
+      when: "'gw.home.foo.sh' in ssh_hostnames"
     - tftp
     - websockify
 
@@ -40,26 +42,26 @@
 
     - name: Copy DNS private key
       ansible.builtin.copy:
-        dest: "{{ tls_private }}/dns.home.foo.sh.key"
+        dest: "{{ tls_private }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.key"
         src: "{{ item }}"
         mode: "0600"
         owner: root
         group: "{{ ansible_wheel }}"
       with_first_found:
-        - /srv/letsencrypt/live/dns.home.foo.sh/privkey.pem
+        - "/srv/letsencrypt/live/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh/privkey.pem"
         - "/srv/ca/private/{{ inventory_hostname }}.key"
       tags: certificates
       notify: Restart unbound
 
     - name: Copy DNS certificate and ca cert
       ansible.builtin.copy:
-        dest: "{{ tls_certs }}/dns.home.foo.sh.crt"
+        dest: "{{ tls_certs }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.crt"
         src: "{{ item }}"
         mode: "0644"
         owner: root
         group: "{{ ansible_wheel }}"
       with_first_found:
-        - /srv/letsencrypt/live/dns.home.foo.sh/fullchain.pem
+        - "/srv/letsencrypt/live/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh/fullchain.pem"
         - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
       tags: certificates
       notify: Restart unbound
@@ -71,3 +73,4 @@
     - name: Import unbound_exporter role
       ansible.builtin.import_role:
         name: unbound_exporter
+      when: "'gw.home.foo.sh' in ssh_hostnames"