✨ add cacert_remove variable to *remove* cacert certs

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+cacert_remove: false

tasks/debian-remove.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Remove CACert certificates
+  file:
+    path: /usr/local/share/ca-certificates/cacert.org/{{ item }}
+    state: absent
+  with_items:
+    - root.crt
+    - class3.crt
+  notify: Update Debian CA certificates
+
+- name: Remove CACert certificate directory
+  file:
+    path: /usr/local/share/ca-certificates/cacert.org
+    state: absent

tasks/main.yml

@@ -1,6 +1,10 @@
 ---
 - include_tasks: debian.yml
-  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+  when: not cacert_remove and (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu')
+- include_tasks: debian-remove.yml
+  when:     cacert_remove and (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu')
 
 - include_tasks: fedora.yml
-  when: ansible_distribution == 'Fedora'
+  when: not cacert_remove and ansible_distribution == 'Fedora'
+- include_tasks: fedora-remove.yml
+  when:     cacert_remove and ansible_distribution == 'Fedora'