3 files changed, 22 insertions, 0 deletions

diff --git a/roles/x509/acmetool/cert/finalize/defaults/main.yml b/roles/x509/acmetool/cert/finalize/defaults/main.yml
new file mode 100644
index 00000000..b9a80136
--- /dev/null
+++ b/roles/x509/acmetool/cert/finalize/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+acmetool_cert_hostnames: "{{ x509_certificate_hostnames }}"
+acmetool_cert_name: "{{ x509_certificate_name | default(acmetool_cert_hostnames[0]) }}"
+
+acmetool_reconcile_disabled: false
diff --git a/roles/x509/acmetool/cert/finalize/handlers/main.yml b/roles/x509/acmetool/cert/finalize/handlers/main.yml
new file mode 100644
index 00000000..02ffa598
--- /dev/null
+++ b/roles/x509/acmetool/cert/finalize/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: reconcile acmetool
+  when: not acmetool_reconcile_disabled
+  systemd:
+    daemon_reload: yes
+    name: acmetool.service
+    state: started
diff --git a/roles/x509/acmetool/cert/finalize/tasks/main.yml b/roles/x509/acmetool/cert/finalize/tasks/main.yml
new file mode 100644
index 00000000..abb2d4cb
--- /dev/null
+++ b/roles/x509/acmetool/cert/finalize/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: add acmetool desired file
+  vars:
+    acmetool_cert_satisfy:
+      satisfy:
+        names: "{{ acmetool_cert_hostnames }}"
+  copy:
+    content: "{{ acmetool_cert_config | default({}) | combine(acmetool_cert_satisfy) | to_nice_yaml }}"
+    dest: "/var/lib/acme/desired/{{ acmetool_cert_name }}"
+  notify: reconcile acmetool