authorbinary <me@rgoncalves.se>2021-01-24 14:43:28 +0100
committerbinary <me@rgoncalves.se>2021-01-24 14:43:28 +0100
commitb0d50d141c33cb84bef5742599c23d6f5fbc4ecc (patch)
treedc5d81d626afbb309d6c6c70f5252d002d838d57
parent7e4d06eb95e4e3acbffe8d129aec2704ed5a661a (diff)
downloadold-infrastructure-b0d50d141c33cb84bef5742599c23d6f5fbc4ecc.tar.gz
Add generation for subdomain in inventory
-rw-r--r--roles/acme/tasks/main.yml10
-rw-r--r--roles/acme/templates/acme-client.conf.j212
2 files changed, 20 insertions, 2 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index 4d0f67f..ff644a4 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -18,8 +18,13 @@
group: "{{ group_root }}"
mode: 0644
+- name: retrieve enabled domains
+ shell: grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
+ register: subdomains
+
- name: generate acme certificates
- shell: acme-client -v {{ global.domain_name }}
+ shell: acme-client -v {{ item }}
+ loop: "{{ subdomains.stdout_lines }}"
register: result
failed_when: result.rc not in [ 0, 2 ]
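Review bot: The new `shell: acme-client -v {{ item }}` line places each value read back from /etc/acme-client.conf on a shell command line unquoted, so a value containing whitespace or shell metacharacters would be interpreted by the shell instead of being passed as one argument. No shell feature is needed there, so `command` with `argv: ["acme-client", "-v", "{{ item }}"]`, or at least `{{ item | quote }}`, keeps it a single argument. The added `retrieve enabled domains` task only reads a file but will report changed on every run, and its exit status is that of `cut`, so a failing `grep` produces an empty list and the loop silently requests nothing. Adding `changed_when: false` and an assertion that `subdomains.stdout_lines` is non-empty would cover both. The hunk opens inside an earlier task and the certificate task may continue past its last line.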
@@ -32,4 +37,5 @@
name: "automatic acme certificates update"
minute: "0"
hour: "6,18"
- job: "acme-client -v {{ global.domain_name }}"
+ job: "acme-client -v {{ item }}"
+ loop: "{{ subdomains.stdout_lines }}"
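Review bot: The cron task now loops over the domains but keeps the fixed `name: "automatic acme certificates update"`, and the cron module uses `name` to identify the crontab entry it manages, so each iteration rewrites the same entry and only the last domain stays scheduled for renewal. A per-item name such as `name: "automatic acme certificates update {{ item }}"` gives one entry per domain. The job string is executed by cron's shell, so `{{ item | quote }}` is the safer form there. The task's opening lines are outside the hunk.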
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index 3ff6971..0b9ea6c 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -14,3 +14,15 @@ domain {{ global.domain_name }} {
domain full chain certificate "/etc/ssl/{{ global.domain_name }}.fullchain.pem"
sign with letsencrypt
}
+
+{% for h in groups["servers"] %}
+{% set h = dict(hostvars[h]) %}
+{% for service in h.services if service.domain is defined %}
+domain {{ service.domain }}.{{ global.domain_name }} {
+ domain key "/etc/ssl/private/{{ service.domain }}.{{ global.domain_name }}.key"
+ domain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.crt"
+ domain full chain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.fullchain.pem"
+ sign with letsencrypt
+}
+{% endfor %}
+{% endfor %}
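Review bot: `service.domain` from every host's variables is written straight into the `domain` block header and the three quoted file paths under /etc/ssl with no check on its shape, so a value containing `/`, `..`, a quote or whitespace would change where the key and certificates are written or break the acme-client.conf syntax. An `assert` in the role, run before the template is rendered, that each `service.domain` is a plain DNS label would catch this. The loop also presumably fails on any host in `servers` that defines no `services` variable; `{% for service in (h.services | default([])) if service.domain is defined %}` avoids that. Two hosts declaring the same `service.domain` would emit duplicate `domain` blocks, so collecting the names with `unique` before the loop is worth considering.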