aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2024-01-01 13:28:29 +0100
committerRomain Gonçalves <me@rgoncalves.se>2024-01-01 13:28:29 +0100
commit420ed95b61e65439a20d6079c940aedfa8b82c29 (patch)
treed8bc2411da67864f950995c8d17af0cdbb6f4d29
parente5a65b550c719f427e0bb46f2e3149092b9e6285 (diff)
downloadrules-420ed95b61e65439a20d6079c940aedfa8b82c29.tar.gz
refactor(roles/acme): flatten authority variables
-rw-r--r--roles/acme/defaults/main.yml7
-rw-r--r--roles/acme/meta/main.yml28
-rw-r--r--roles/acme/tasks/main.yml2
-rw-r--r--roles/acme/templates/acme-client.conf.j28
4 files changed, 21 insertions, 24 deletions
diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml
index cd713c6..81d3b2b 100644
--- a/roles/acme/defaults/main.yml
+++ b/roles/acme/defaults/main.yml
@@ -4,7 +4,6 @@ acme_configuration_file: /etc/acme-client.conf
acme_certificates_dir: /etc/ssl
acme_keys_dir: /etc/ssl/private
-acme_authority:
- name: letsencrypt
- url: https://acme-v02.api.letsencrypt.org/directory
- key: /etc/acme/letsencrypt-privkey.pem
+acme_authority_name: letsencrypt
+acme_authority_url: https://acme-v02.api.letsencrypt.org/directory
+acme_authority_key: /etc/acme/letsencrypt-privkey.pem
diff --git a/roles/acme/meta/main.yml b/roles/acme/meta/main.yml
index 924fd90..0458175 100644
--- a/roles/acme/meta/main.yml
+++ b/roles/acme/meta/main.yml
@@ -15,22 +15,20 @@ argument_specs:
required: true
description: Acme domain name
- acme_authority:
- type: dict
+ acme_authority_name:
+ type: str
required: true
- options:
- name:
- type: str
- required: true
- description: Acme authority name
- url:
- type: str
- required: true
- description: Acme authority api url
- key:
- type: path
- required: true
- description: Acme authority key file
+ description: Acme authority name
+
+ acme_authority_url:
+ type: str
+ required: true
+ description: Acme authority api url
+
+ acme_authority_key:
+ type: path
+ required: true
+ description: Acme authority key file
acme_certificates_dir:
type: path
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index c068ab5..040c176 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -11,7 +11,7 @@
- name: retrieve enabled domains
ansible.builtin.shell: |
set -o pipefail
- grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
+ grep "^domain" {{ acme_configuration_file }} | cut -d " " -f 2
register: acme_result_subdomains
changed_when: false
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index a6516c6..9453cec 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -1,9 +1,9 @@
# managed by Ansible
{% import 'macros.j2' as macros with context %}
-authority {{ acme_authority.name }} {
- api url "{{ acme_authority.url }}"
- account key "{{ acme_authority.key }}"
+authority {{ acme_authority_name }} {
+ api url "{{ acme_authority_url }}"
+ account key "{{ acme_authority_key }}"
}
{% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%}
@@ -13,7 +13,7 @@ domain {{ rule.domain }} {
alternative names { www.{{ rule.domain }} }
domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key"
domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt"
- sign with {{ acme_authority.name }}
+ sign with {{ acme_authority_name }}
}
{% endfor %}
{%- endcall %}
remember that computers suck.