diff options
author | Christian Pointner <equinox@spreadspace.org> | 2022-12-22 13:01:30 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-12-22 13:01:30 +0100 |
commit | 18e0446c9c545f396d7737b406e6e207748e7926 (patch) | |
tree | f3f07876c819a4fb9845c6a098adfa9553ed7819 /roles/x509/acmetool/base/templates | |
parent | add prometheus snmp exporter (diff) |
move acmetool to new x509 subdir
Diffstat (limited to 'roles/x509/acmetool/base/templates')
-rw-r--r-- | roles/x509/acmetool/base/templates/acme-reload.j2 | 7 | ||||
-rw-r--r-- | roles/x509/acmetool/base/templates/responses.j2 | 15 | ||||
-rw-r--r-- | roles/x509/acmetool/base/templates/systemd-override.conf.j2 | 19 |
3 files changed, 41 insertions, 0 deletions
diff --git a/roles/x509/acmetool/base/templates/acme-reload.j2 b/roles/x509/acmetool/base/templates/acme-reload.j2 new file mode 100644 index 00000000..a679bc7d --- /dev/null +++ b/roles/x509/acmetool/base/templates/acme-reload.j2 @@ -0,0 +1,7 @@ +# This should contain a space-seperated list of services to be +# reloaded after new certificates are generated. An empty list +# disables reloading of any service +# +# example: SERVICES="apache2 nginx postfix" + +SERVICES="{{ acmetool_reload_services | join(' ') }}" diff --git a/roles/x509/acmetool/base/templates/responses.j2 b/roles/x509/acmetool/base/templates/responses.j2 new file mode 100644 index 00000000..981eba90 --- /dev/null +++ b/roles/x509/acmetool/base/templates/responses.j2 @@ -0,0 +1,15 @@ +"acme-enter-email": "{{ acmetool_account_email }}" +"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf": true +"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf": true +"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-August-10-2022.pdf": true +"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true +"acmetool-quickstart-choose-server": {{ acmetool_directory_server }} +"acmetool-quickstart-choose-method": webroot +"acmetool-quickstart-webroot-path": "{{ acmetool_challenge_webroot_path | default('/var/run/acme/acme-challenge') }}" +"acmetool-quickstart-complete": true +"acmetool-quickstart-install-cronjob": false +"acmetool-quickstart-install-haproxy-script": true +"acmetool-quickstart-install-redirector-systemd": false +"acmetool-quickstart-key-type": {{ acmetool_default_key_type }} +"acmetool-quickstart-rsa-key-size": {{ acmetool_default_rsa_key_size }} +"acmetool-quickstart-ecdsa-curve": {{ acmetool_default_ecdsa_curve }} diff --git a/roles/x509/acmetool/base/templates/systemd-override.conf.j2 b/roles/x509/acmetool/base/templates/systemd-override.conf.j2 new file mode 100644 index 00000000..5de58bdd --- /dev/null +++ b/roles/x509/acmetool/base/templates/systemd-override.conf.j2 @@ -0,0 +1,19 @@ +{% if acmetool_challenge_webroot_path is defined %} +[Unit] +# In case the webroot path is hosted by a filesystem that is +# using a systemd automount unit the ReadWritePaths= below does +# prevent the unit from being loaded when the filesystem is +# not yet mounted. +RequiresMountsFor={{ acmetool_challenge_webroot_path }} + +{% endif %} +[Service] +{% if acmetool_http_proxy is defined %} +Environment=http_proxy={{ acmetool_http_proxy }} +{% endif %} +{% if acmetool_https_proxy is defined %} +Environment=https_proxy={{ acmetool_https_proxy }} +{% endif %} +{% if acmetool_challenge_webroot_path is defined %} +ReadWritePaths={{ acmetool_challenge_webroot_path }} +{% endif %} |