diff options
| author | Romain Gonçalves <me@rgoncalves.se> | 2024-01-01 13:28:29 +0100 |
|---|---|---|
| committer | Romain Gonçalves <me@rgoncalves.se> | 2024-01-01 13:28:29 +0100 |
| commit | 420ed95b61e65439a20d6079c940aedfa8b82c29 (patch) | |
| tree | d8bc2411da67864f950995c8d17af0cdbb6f4d29 | |
| parent | e5a65b550c719f427e0bb46f2e3149092b9e6285 (diff) | |
| download | rules-420ed95b61e65439a20d6079c940aedfa8b82c29.tar.gz | |
refactor(roles/acme): flatten authority variables
| -rw-r--r-- | roles/acme/defaults/main.yml | 7 | ||||
| -rw-r--r-- | roles/acme/meta/main.yml | 28 | ||||
| -rw-r--r-- | roles/acme/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/acme/templates/acme-client.conf.j2 | 8 |
4 files changed, 21 insertions, 24 deletions
diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml index cd713c6..81d3b2b 100644 --- a/roles/acme/defaults/main.yml +++ b/roles/acme/defaults/main.yml @@ -4,7 +4,6 @@ acme_configuration_file: /etc/acme-client.conf acme_certificates_dir: /etc/ssl acme_keys_dir: /etc/ssl/private -acme_authority: - name: letsencrypt - url: https://acme-v02.api.letsencrypt.org/directory - key: /etc/acme/letsencrypt-privkey.pem +acme_authority_name: letsencrypt +acme_authority_url: https://acme-v02.api.letsencrypt.org/directory +acme_authority_key: /etc/acme/letsencrypt-privkey.pem diff --git a/roles/acme/meta/main.yml b/roles/acme/meta/main.yml index 924fd90..0458175 100644 --- a/roles/acme/meta/main.yml +++ b/roles/acme/meta/main.yml @@ -15,22 +15,20 @@ argument_specs: required: true description: Acme domain name - acme_authority: - type: dict + acme_authority_name: + type: str required: true - options: - name: - type: str - required: true - description: Acme authority name - url: - type: str - required: true - description: Acme authority api url - key: - type: path - required: true - description: Acme authority key file + description: Acme authority name + + acme_authority_url: + type: str + required: true + description: Acme authority api url + + acme_authority_key: + type: path + required: true + description: Acme authority key file acme_certificates_dir: type: path diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml index c068ab5..040c176 100644 --- a/roles/acme/tasks/main.yml +++ b/roles/acme/tasks/main.yml @@ -11,7 +11,7 @@ - name: retrieve enabled domains ansible.builtin.shell: | set -o pipefail - grep "^domain" /etc/acme-client.conf | cut -d " " -f 2 + grep "^domain" {{ acme_configuration_file }} | cut -d " " -f 2 register: acme_result_subdomains changed_when: false diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2 index a6516c6..9453cec 100644 --- a/roles/acme/templates/acme-client.conf.j2 +++ b/roles/acme/templates/acme-client.conf.j2 @@ -1,9 +1,9 @@ # managed by Ansible {% import 'macros.j2' as macros with context %} -authority {{ acme_authority.name }} { - api url "{{ acme_authority.url }}" - account key "{{ acme_authority.key }}" +authority {{ acme_authority_name }} { + api url "{{ acme_authority_url }}" + account key "{{ acme_authority_key }}" } {% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%} @@ -13,7 +13,7 @@ domain {{ rule.domain }} { alternative names { www.{{ rule.domain }} } domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key" domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt" - sign with {{ acme_authority.name }} + sign with {{ acme_authority_name }} } {% endfor %} {%- endcall %} |