From 5b08c3fb96e54e0ae8ae1d650658b27dcdfd78de Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 8 Aug 2023 00:42:56 +0200
Subject: make acmetool cert role more generic (WIP - needs more testing)

---
 chaos-at-home/ch-http-proxy.yml |  4 ++++
 chaos-at-home/ch-imap-proxy.yml | 11 ++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

(limited to 'chaos-at-home')

diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 0376fcd5..67e3521a 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -6,6 +6,10 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
+
+- name: Payload Setup
+  hosts: ch-http-proxy
+  roles:
   - role: apt-repo/spreadspace
   - role: x509/acmetool/base
   - role: nginx/base
diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index 936140bc..1c05f28b 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -6,10 +6,15 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
+
+- name: Payload Setup
+  hosts: ch-imap-proxy
+  roles:
   - role: apt-repo/spreadspace
   - role: x509/acmetool/base
   - role: x509/acmetool/cert
-    acmetool_cert_name: "imap.chaos-at-home.org"
+    acmetool_cert_hostnames:
+    - "imap.chaos-at-home.org"
     acmetool_cert_config:
       request:
         challenge:
@@ -25,8 +30,8 @@
       dest: /etc/stunnel/imap.conf
       content: |
         pid = /var/run/stunnel-imap.pid
-        cert = /var/lib/acme/live/imap.chaos-at-home.org/fullchain
-        key = /var/lib/acme/live/imap.chaos-at-home.org/privkey
+        cert = {{ x509_certificate_path_fullchain }}
+        key = {{ x509_certificate_path_key }}
 
         [imap]
         client = yes
-- 
cgit v1.2.3