#
# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $
#
# managed by Ansible

authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

domain {{ global.domain_name }} {
	domain key "/etc/ssl/private/{{ global.domain_name }}.key"
	domain certificate "/etc/ssl/{{ global.domain_name }}.crt"
	domain full chain certificate "/etc/ssl/{{ global.domain_name }}.fullchain.pem"
	sign with letsencrypt
}

{% for h in groups["servers"] %}
{% set h = dict(hostvars[h]) %}
{% for service in h.services if service.domain is defined %}
domain {{ service.domain }}.{{ global.domain_name }} {
	domain key "/etc/ssl/private/{{ service.domain }}.{{ global.domain_name }}.key"
	domain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.crt"
	domain full chain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.fullchain.pem"
	sign with letsencrypt
}
{% endfor %}
{% endfor %}