From 420ed95b61e65439a20d6079c940aedfa8b82c29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Mon, 1 Jan 2024 13:28:29 +0100
Subject: refactor(roles/acme): flatten authority variables
---
 roles/acme/defaults/main.yml | 7 +++----
 roles/acme/meta/main.yml | 28 +++++++++++++---------------
 roles/acme/tasks/main.yml | 2 +-
 roles/acme/templates/acme-client.conf.j2 | 8 ++++----
 4 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml
index cd713c6..81d3b2b 100644
--- a/roles/acme/defaults/main.yml
+++ b/roles/acme/defaults/main.yml
@@ -4,7 +4,6 @@ acme_configuration_file: /etc/acme-client.conf
 acme_certificates_dir: /etc/ssl
 acme_keys_dir: /etc/ssl/private
-acme_authority:
- name: letsencrypt
- url: https://acme-v02.api.letsencrypt.org/directory
- key: /etc/acme/letsencrypt-privkey.pem
+acme_authority_name: letsencrypt
+acme_authority_url: https://acme-v02.api.letsencrypt.org/directory
+acme_authority_key: /etc/acme/letsencrypt-privkey.pem
diff --git a/roles/acme/meta/main.yml b/roles/acme/meta/main.yml
index 924fd90..0458175 100644
--- a/roles/acme/meta/main.yml
+++ b/roles/acme/meta/main.yml
@@ -15,22 +15,20 @@ argument_specs:
 required: true
 description: Acme domain name
- acme_authority:
- type: dict
+ acme_authority_name:
+ type: str
 required: true
- options:
- name:
- type: str
- required: true
- description: Acme authority name
- url:
- type: str
- required: true
- description: Acme authority api url
- key:
- type: path
- required: true
- description: Acme authority key file
+ description: Acme authority name
+
+ acme_authority_url:
+ type: str
+ required: true
+ description: Acme authority api url
+
+ acme_authority_key:
+ type: path
+ required: true
+ description: Acme authority key file
 acme_certificates_dir:
 type: path
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index c068ab5..040c176 100644
--- a/roles/acme/tasks/main.yml
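Review bot: An inventory that still sets the old `acme_authority` dict is silently ignored after the roles/acme/defaults/main.yml hunk, because the new flat defaults (`acme_authority_name`, `acme_authority_url`, `acme_authority_key`) already satisfy the `required: true` entries in roles/acme/meta/main.yml. A host that had pointed at a different authority or account key would then presumably render acme-client.conf against the default Let's Encrypt directory without any error; whether such overrides exist is not visible in this patch. Consider a guard early in roles/acme/tasks/main.yml that fails while the legacy variable is still defined, for example an `ansible.builtin.assert` with `that: acme_authority is not defined` and a `fail_msg` naming the three replacement variables.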
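Review bot: The description kept for `acme_authority_key` in the roles/acme/meta/main.yml hunk, `Acme authority key file`, does not say which key is meant; the template uses the value as `account key "{{ acme_authority_key }}"`, so it is the ACME account private key. Now that it is a top-level variable I would spell that out, for example `description: Path to the ACME account private key used by acme-client`, so it is not mistaken for a domain key or a certificate. `acme_authority_url` could likewise state that it is the ACME directory URL.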
+++ b/roles/acme/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: retrieve enabled domains
 ansible.builtin.shell: |
 set -o pipefail
- grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
+ grep "^domain" {{ acme_configuration_file }} | cut -d " " -f 2
 register: acme_result_subdomains
 changed_when: false
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index a6516c6..9453cec 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -1,9 +1,9 @@
 # managed by Ansible
 {% import 'macros.j2' as macros with context %}
-authority {{ acme_authority.name }} {
- api url "{{ acme_authority.url }}"
- account key "{{ acme_authority.key }}"
+authority {{ acme_authority_name }} {
+ api url "{{ acme_authority_url }}"
+ account key "{{ acme_authority_key }}"
 }
 {% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%}
@@ -13,7 +13,7 @@ domain {{ rule.domain }} {
 alternative names { www.{{ rule.domain }} }
 domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key"
 domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt"
- sign with {{ acme_authority.name }}
+ sign with {{ acme_authority_name }}
 }
 {% endfor %}
 {%- endcall %}
--
cgit v1.2.3
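Review bot: In the roles/acme/tasks/main.yml hunk, `{{ acme_configuration_file }}` is interpolated into the `ansible.builtin.shell` script unquoted, so a path containing spaces or shell metacharacters would be word-split or interpreted by the shell rather than reaching grep as a single argument. The value comes from role variables, so this is mainly a hardening point, but the `quote` filter closes it: `grep "^domain" {{ acme_configuration_file | quote }} | cut -d " " -f 2`. The task may continue past the hunk's last context line.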