From 147c971dab3a92f78e9bfeb45273a3426d64d274 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 8 Oct 2018 10:22:33 +0200
Subject: added acmetool snakeoil cert for bootstraping
---
 roles/acmetool/base/tasks/main.yml | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
(limited to 'roles/acmetool/base')
diff --git a/roles/acmetool/base/tasks/main.yml b/roles/acmetool/base/tasks/main.yml
index 0a853133..220da2e7 100644
--- a/roles/acmetool/base/tasks/main.yml
+++ b/roles/acmetool/base/tasks/main.yml
@@ -4,9 +4,11 @@
 msg: "Check distribution_release"
 failed_when: (ansible_distribution == 'Debian' and ansible_distribution_major_version < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version < 17) or (ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu')

-- name: install acmetool
+- name: install needed packages
 apt:
- name: acmetool
+ name:
+ - acmetool
+ - ssl-cert
 state: present

 - name: create initial directory structure
@@ -33,6 +35,34 @@
 args:
 creates: /var/lib/acme/conf/target

+- name: create directory for snakeoil cert
+ file:
+ path: /etc/ssl/acmetool-snakeoil
+ state: directory
+
+- name: create symlinks to snakeoil cert/key
+ file:
+ src: "/etc/ssl/{{ item.src }}"
+ dest: "/etc/ssl/acmetool-snakeoil/{{ item.dest }}"
+ state: link
+ with_items:
+ - src: certs/ssl-cert-snakeoil.pem
+ dest: cert
+ - src: certs/ssl-cert-snakeoil.pem
+ dest: fullchain
+ - src: private/ssl-cert-snakeoil.key
+ dest: privkey
+
+- name: create additional files for snakeoil cert
+ copy:
+ content: "{{ item.content }}"
+ dest: "/etc/ssl/acmetool-snakeoil/{{ item.dest }}"
+ with_items:
+ - content: ""
+ dest: chain
+ - content: "http://example.com/nonexistent\n"
+ dest: url
+
 - name: install service reload configuration
 template:
 src: acme-reload.j2
--
cgit v1.2.3
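Review bot: In the second hunk, the `file` task that creates `/etc/ssl/acmetool-snakeoil` and the `copy` task that writes `chain` and `url` set no `owner`, `group` or `mode`, so the resulting permissions depend on the umask in effect on the target; pin them, e.g. `owner: root`, `group: root`, `mode: "0755"` on the directory and `mode: "0644"` on the two files. The `privkey` link resolves to `/etc/ssl/private/ssl-cert-snakeoil.key`, which the ssl-cert package normally generates once at install time, so hosts built from a cloned image may share that key, and any service bootstrapping from this directory presumably needs read access to `/etc/ssl/private` (root or the `ssl-cert` group on Debian); both are worth confirming per consumer. A comment above the first new task such as `# self-signed placeholder, only used until acmetool has issued a real certificate` would document that these files must not stay in service once issuance succeeds.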