aboutsummaryrefslogtreecommitdiffstats
path: root/roles/acme/templates/acme-client.conf.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/acme/templates/acme-client.conf.j2')
-rw-r--r--roles/acme/templates/acme-client.conf.j226
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
new file mode 100644
index 0000000..3792009
--- /dev/null
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -0,0 +1,26 @@
+# managed by Ansible
+{% import 'macros.j2' as macros with context %}
+
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+domain {{ acme_domain_name }} {
+ alternative names { www.{{ acme_domain_name }} }
+ domain key "/etc/ssl/private/{{ acme_domain_name }}.key"
+ domain full chain certificate "/etc/ssl/{{ acme_domain_name }}.crt"
+ sign with letsencrypt
+}
+
+{% call(h) macros.loop_valid_hosts("servers") -%}
+{% for service in h.__services if service.domain is defined %}
+domain {{ service.domain }}.{{ acme_domain_name }} {
+ {% set domain = service.domain ~ "." ~ acme_domain_name %}
+ alternative names { www.{{ domain }} }
+ domain key "/etc/ssl/private/{{ domain }}.key"
+ domain full chain certificate "/etc/ssl/{{ domain }}.crt"
+ sign with letsencrypt
+}
+{% endfor %}
+{%- endcall %}
remember that computers suck.