feat(roles/acme): add argument specs

1 files changed, 10 insertions, 17 deletions

diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index 583c3d5..a6516c6 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -1,26 +1,19 @@
 # managed by Ansible
 {% import 'macros.j2' as macros with context %}
 
-authority letsencrypt {
-	api url "https://acme-v02.api.letsencrypt.org/directory"
-	account key "/etc/acme/letsencrypt-privkey.pem"
+authority {{ acme_authority.name }} {
+	api url "{{ acme_authority.url }}"
+	account key "{{ acme_authority.key }}"
 }
 
-domain {{ acme_domain_name }} {
-	alternative names { www.{{ acme_domain_name }} }
-	domain key "/etc/ssl/private/{{ acme_domain_name }}.key"
-	domain full chain certificate "/etc/ssl/{{ acme_domain_name }}.crt"
-	sign with letsencrypt
-}
+{% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%}
+{% for rule in h.acme_rules %}
 
-{% call(h) macros.loop_valid_hosts("servers") -%}
-{% for name, rules in h.acme_rules.items() if rules.domain is defined %}
-domain {{ rules.domain }}.{{ acme_domain_name }} {
-	{% set domain = rules.domain ~ "." ~ acme_domain_name %}
-	alternative names { www.{{ domain }} }
-	domain key "/etc/ssl/private/{{ domain }}.key"
-	domain full chain certificate "/etc/ssl/{{ domain }}.crt"
-	sign with letsencrypt
+domain {{ rule.domain }} {
+	alternative names { www.{{ rule.domain }} }
+	domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key"
+	domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt"
+	sign with {{ acme_authority.name }}
 }
 {% endfor %}
 {%- endcall %}