author | Christian Pointner <equinox@spreadspace.org> | 2023-08-21 00:38:34 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-08-21 00:38:41 +0200 |
commit | 70e61b9184dfa81a39926e66722ed3c1743a91c3 (patch) | |
tree | 90741e004e19bf8cc9bc3137f7e7764cc64e8a77 /roles/x509/acmetool/cert/prepare/tasks/main.yml | |
parent | sk-testvm: prepare mumble for new tls cert roles (diff) |
apps/mumble: add new generic certificate renewal support
Diffstat (limited to 'roles/x509/acmetool/cert/prepare/tasks/main.yml')
-rw-r--r-- | roles/x509/acmetool/cert/prepare/tasks/main.yml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/roles/x509/acmetool/cert/prepare/tasks/main.yml b/roles/x509/acmetool/cert/prepare/tasks/main.yml
index 5bad1e5b..2db332b8 100644
--- a/roles/x509/acmetool/cert/prepare/tasks/main.yml
+++ b/roles/x509/acmetool/cert/prepare/tasks/main.yml
@@ -40,3 +40,40 @@
 x509_certificate_path_cert: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/cert"
 x509_certificate_path_chain: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/chain"
 x509_certificate_path_fullchain: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/fullchain"
+
+- name: setup custom renewal script
+ when: x509_certificate_renewal is defined
+ block:
+ - name: install custom hook script
+ template:
+ src: reload.sh.j2
+ dest: "/etc/acme/hooks/{{ x509_certificate_name }}"
+ mode: 0755
+
+ - name: install acmetool systemd unit snippet
+ when: "'install' in x509_certificate_renewal"
+ copy:
+ dest: "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf"
+ content: |
+ [Service]
+ {% for path in (x509_certificate_renewal.install | map(attribute='dest') | map('dirname') | unique | list) %}
+ ReadWritePaths={{ path }}
+ {% endfor %}
+ notify: reload systemd
+
+ - name: remove acmetool systemd unit snippet
+ when: "'install' not in x509_certificate_renewal"
+ file:
+ path: "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf"
+ state: absent
+ notify: reload systemd
+
+- name: remove custom renewal script
+ when: x509_certificate_renewal is not defined
+ loop:
+ - "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf"
+ - "/etc/acme/hooks/{{ x509_certificate_name }}"
+ file:
+ path: "{{ item }}"
+ state: absent
+ notify: reload systemd
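Review bot: `mode: 0755` in the "install custom hook script" task is an unquoted leading-zero literal; Ansible's YAML 1.1 loader reads it as an octal int and the template module applies it correctly, but a YAML 1.2 parser reads it as decimal 755 and yamllint flags it, so `mode: "0755"` is the portable spelling. The unit-snippet task writes each dirname taken from `x509_certificate_renewal.install` straight into a `ReadWritePaths=` directive, which widens acmetool's service sandbox to whatever the caller lists; an `assert` before the block that every `dest` is an absolute path would turn a relative or empty entry into a play failure instead of a malformed unit drop-in. The copy task also presumes `/etc/systemd/system/acmetool.service.d/` already exists — likely created by an earlier task in this role, outside the hunk — and a comment above the task naming that dependency would make the ordering explicit. The three context lines belong to a task that begins before the hunk.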