Diffstat (limited to 'roles/acme')
-rw-r--r--roles/acme/defaults/main.yml12
-rw-r--r--roles/acme/meta/main.yml16
-rw-r--r--roles/acme/tasks/main.yml23
-rw-r--r--roles/acme/templates/acme-client.conf.j218
4 files changed, 37 insertions, 32 deletions
diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml
index 81d3b2b..1665d3a 100644
--- a/roles/acme/defaults/main.yml
+++ b/roles/acme/defaults/main.yml
@@ -1,9 +1,9 @@
---
-acme_configuration_file: /etc/acme-client.conf
-acme_certificates_dir: /etc/ssl
-acme_keys_dir: /etc/ssl/private
+acme__configuration_file: /etc/acme-client.conf
+acme__certificates_dir: /etc/ssl
+acme__keys_dir: /etc/ssl/private
-acme_authority_name: letsencrypt
-acme_authority_url: https://acme-v02.api.letsencrypt.org/directory
-acme_authority_key: /etc/acme/letsencrypt-privkey.pem
+acme__authority_name: letsencrypt
+acme__authority_url: https://acme-v02.api.letsencrypt.org/directory
+acme__authority_key: /etc/acme/letsencrypt-privkey.pem
diff --git a/roles/acme/meta/main.yml b/roles/acme/meta/main.yml
index 0458175..f3eccc3 100644
--- a/roles/acme/meta/main.yml
+++ b/roles/acme/meta/main.yml
@@ -5,7 +5,7 @@ argument_specs:
short_description: acme main entrypoint.
options:
- acme_rules:
+ acme__rules:
type: list
elements: dict
required: true
@@ -15,37 +15,37 @@ argument_specs:
required: true
description: Acme domain name
- acme_authority_name:
+ acme__authority_name:
type: str
required: true
description: Acme authority name
- acme_authority_url:
+ acme__authority_url:
type: str
required: true
description: Acme authority api url
- acme_authority_key:
+ acme__authority_key:
type: path
required: true
description: Acme authority key file
- acme_certificates_dir:
+ acme__certificates_dir:
type: path
required: true
description: Acme certificates directory
- acme_keys_dir:
+ acme__keys_dir:
type: path
required: true
description: Acme keys directory
- acme_configuration_file:
+ acme__configuration_file:
type: path
required: true
description: Acme configuration file
- relayd_connected_hosts:
+ relayd__connected_hosts:
type: str
required: true
description: Group name of hosts for generating certificates
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index 040c176..0435265 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -3,7 +3,7 @@
- name: generate acme-client configuration
ansible.builtin.template:
src: acme-client.conf.j2
- dest: "{{ acme_configuration_file }}"
+ dest: "{{ acme__configuration_file }}"
owner: 0
group: 0
mode: "0644"
@@ -11,20 +11,20 @@
- name: retrieve enabled domains
ansible.builtin.shell: |
set -o pipefail
- grep "^domain" {{ acme_configuration_file }} | cut -d " " -f 2
- register: acme_result_subdomains
+ grep "^domain" {{ acme__configuration_file }} | cut -d " " -f 2
+ register: acme__result_subdomains
changed_when: false
- name: generate acme certificates
ansible.builtin.command: acme-client -v {{ item }}
- loop: "{{ acme_result_subdomains.stdout_lines }}"
- register: acme_result_generation
- failed_when: acme_result_generation.rc == 1
- changed_when: acme_result_generation.rc != 2
+ loop: "{{ acme__result_subdomains.stdout_lines }}"
+ register: acme__result_generation
+ failed_when: acme__result_generation.rc == 1
+ changed_when: acme__result_generation.rc != 2
- name: display registered certificates
ansible.builtin.debug:
- msg: "{{ acme_result_generation.results | map(attribute='stderr')
+ msg: "{{ acme__result_generation.results | map(attribute='stderr')
| join('\n') }}"
- name: enable automatic acme certificates update
@@ -33,4 +33,9 @@
minute: 0
hour: 6,18
job: "acme-client -v {{ item }} && rcctl reload relayd"
- loop: "{{ acme_result_subdomains.stdout_lines }}"
+ loop: "{{ acme__result_subdomains.stdout_lines }}"
+
+- name: restart relayd
+ ansible.builtin.service:
+ name: relayd
+ state: restarted
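Review bot: The new `restart relayd` task at the end of the hunk runs unconditionally on every play, so relayd is bounced even when no certificate was issued or renewed; the `generate acme certificates` task already distinguishes real changes through its `changed_when`, so this belongs in a handler triggered from it. Moving the task to `handlers/main.yml` and adding `notify: restart relayd` to the generation task (in the earlier hunk) keeps the run idempotent and avoids dropping live connections on every run. The cron job two lines above uses `rcctl reload relayd`, so `state: reloaded` would also be the consistent choice if a reload is sufficient to pick up the new certificates. The enclosing cron task starts outside the hunk.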
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index 9453cec..00c2f60 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -1,19 +1,19 @@
# managed by Ansible
{% import 'macros.j2' as macros with context %}
-authority {{ acme_authority_name }} {
- api url "{{ acme_authority_url }}"
- account key "{{ acme_authority_key }}"
+authority {{ acme__authority_name }} {
+ api url "{{ acme__authority_url }}"
+ account key "{{ acme__authority_key }}"
}
-{% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%}
-{% for rule in h.acme_rules %}
+{% call(h) macros.loop_valid_hosts(relayd__connected_hosts) -%}
+{% for rule in h.acme__rules %}
domain {{ rule.domain }} {
- alternative names { www.{{ rule.domain }} }
- domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key"
- domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt"
- sign with {{ acme_authority_name }}
+ # alternative names { www.{{ rule.domain }} }
+ domain key "{{ acme__keys_dir }}/{{ rule.domain }}.key"
+ domain full chain certificate "{{ acme__certificates_dir }}/{{ rule.domain }}.crt"
+ sign with {{ acme__authority_name }}
}
{% endfor %}
{%- endcall %}
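Review bot: Commenting out the `alternative names { www.{{ rule.domain }} }` line drops the `www.` subject alternative name from every certificate this role issues, so any client reaching `www.<domain>` gets a name-mismatch error once the certificate is next renewed, and nothing in the hunk or the argument spec makes that behaviour opt-in. If the www name is wanted only for some domains, gate it with a per-rule flag in `acme__rules` rather than leaving a dead line in a managed template, e.g. `{% if rule.www | default(false) %} alternative names { www.{{ rule.domain }} }{% endif %}` (constructed example; the flag would need an entry in the role's argument spec). If it is not wanted at all, delete the line instead of commenting it out, since the rendered `#` line otherwise lingers in every generated acme-client.conf. The `{% call %}` block opens and closes inside the hunk, so the change is self-contained.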