ansible-infra/playbooks/roles/cert/meta/argument_specs.yaml

---
argument_specs:
  main:
    short_description: Orders and renews certificates from Let's Encrypt
    options:
      cert__domains:
        description: Domains for which to issue a certificate. Must be in the same DNS zone.
        required: true
        type: list
        elements: str
      cert__owner:
        description: Owner of the certificate files.
        required: false
        type: str
        default: root
      cert__group:
        description: Group of the certificate files.
        required: false
        type: str
        default: root
      cert__acme_account_email:
        description: E-Mail address for ACME account
        required: true
        type: str
      cert__bind_9_host:
        description: The machine running BIND 9.
        required: true
        type: str
      cert__bind_9_zone:
        description: The zone to use for publishing the TXT record.
        required: true
        type: str
      cert__fullchain_pem_permissions:
        description: Permissons for the `fullchain.pem`.
        type: str
        required: false
        default: "0660"
      cert__chain_pem_permissions:
        description: Permissons for the `chain.pem`.
        type: str
        required: false
        default: "0660"
      cert__cert_pem_permissions:
        description: Permissons for the `cert.pem`.
        type: str
        required: false
        default: "0660"
      cert__privkey_pem_permissions:
        description: Permissons for the `privkey.pem`.
        type: str
        required: false
        default: "0600"