Merge branch 'topic/uacme'

1 files changed, 25 insertions, 4 deletions

diff --git a/roles/x509/uacme/base/tasks/main.yml b/roles/x509/uacme/base/tasks/main.yml
index 3d1c8404..3473d541 100644
--- a/roles/x509/uacme/base/tasks/main.yml
+++ b/roles/x509/uacme/base/tasks/main.yml
@@ -7,7 +7,7 @@
     state: present
 
 - name: create acme account key
-  command: "uacme -c /var/lib/uacme.d -a '{{ uacme_directory_server }}' -y new '{{ uacme_account_email }}'"
+  command: "uacme -c /var/lib/uacme.d -a '{{ uacme_directory_server }}' -y{% if uacme_eab is defined %} -e {{ uacme_eab }}{% endif %} new '{{ uacme_account_email }}'"
   args:
     creates: /var/lib/uacme.d/private/key.pem
 
@@ -44,7 +44,28 @@
         alias {{ uacme_challenge_webroot_path | default('/var/run/acme/acme-challenge') }}/;
       }
 
-- name: generate selfsigned interim certificate
-  include_tasks: selfsigned.yml
+- name: install reconcile script
+  template:
+    src: uacme-reconcile.sh.j2
+    dest: /usr/local/bin/uacme-reconcile.sh
+    mode: 0755
 
-## TODO: add global automatic refresher?
+- name: install systemd unit for automatic refresh
+  loop:
+  - service
+  - timer
+  template:
+    src: "uacme-reconcile.{{ item }}.j2"
+    dest: "/etc/systemd/system/uacme-reconcile.{{ item }}"
+
+- name: create system unit snippet directory
+  file:
+    path: /etc/systemd/system/uacme-reconcile.service.d/
+    state: directory
+
+- name: make sure systemd timer for automatic refresh is enabled and started
+  systemd:
+    daemon_reload: yes
+    name: uacme-reconcile.timer
+    state: started
+    enabled: yes