Move certificates to Ansible Vault (#27)

roles/nginx/tasks/self-signed.yml

@@ -30,11 +30,13 @@
                     -days 3650 \
                     -sha256
   when: generate_cert.wildcard
-- name: copy wildcard certificate and key
+- name: copy wildcard certificate and key from vault
   copy:
-    src: "{{ item }}"
-    dest: "{{ data_folder }}/nginx/{{ item }}"
+    content: "{{ item.content }}"
+    dest: "{{ data_folder }}/nginx/{{ item.name }}"
+    owner: root
+    group: root
     mode: '0700'
-  loop:
-    - "{{ base_domain }}.crt"
-    - "{{ base_domain }}.key"
+  with_items:
+    - "{{ certificates }}"
+  no_log: true