From 42f023c73a2e30f17abff585b787b41f48d91042 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 5 Oct 2018 17:55:53 +0200
Subject: refactor acmetool role

---
 roles/acmetool/base/defaults/main.yml | 12 ++++++++++++
 roles/acmetool/base/handlers/main.yml | 5 +++++
 roles/acmetool/base/tasks/main.yml | 25 +++++++++++++++++++++++++
 roles/acmetool/base/templates/responses.j2 | 12 ++++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 roles/acmetool/base/defaults/main.yml
 create mode 100644 roles/acmetool/base/handlers/main.yml
 create mode 100644 roles/acmetool/base/tasks/main.yml
 create mode 100644 roles/acmetool/base/templates/responses.j2
(limited to 'roles/acmetool/base')

diff --git a/roles/acmetool/base/defaults/main.yml b/roles/acmetool/base/defaults/main.yml
new file mode 100644
index 00000000..409523da
--- /dev/null
+++ b/roles/acmetool/base/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+acmetool_directory_server_le_live: "https://acme-v01.api.letsencrypt.org/directory"
+acmetool_directory_server_le_staging: "https://acme-staging.api.letsencrypt.org/directory"
+
+## this can't be changed after the account as been created (aka after the first run)
+## and it's not recommended to keep this empty so we don't define it here which will lead to an error
+# acmetool_account_email:
+acmetool_directory_server: "{{ acmetool_directory_server_le_staging }}"
+
+acmetool_default_key_type: rsa
+acmetool_default_rsa_key_size: 4096
+acmetool_default_ecdsa_curve: nistp256
diff --git a/roles/acmetool/base/handlers/main.yml b/roles/acmetool/base/handlers/main.yml
new file mode 100644
index 00000000..3d6f1b76
--- /dev/null
+++ b/roles/acmetool/base/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reconcile acmetool
+  systemd:
+    name: acmetool.service
+    state: started
diff --git a/roles/acmetool/base/tasks/main.yml b/roles/acmetool/base/tasks/main.yml
new file mode 100644
index 00000000..c2fc2c6c
--- /dev/null
+++ b/roles/acmetool/base/tasks/main.yml
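Review bot: `acmetool_directory_server` defaults to the staging directory, so any host that does not override it registers its account against staging and receives certificates that browsers do not trust; the comment block above it explains only the email variable, and the `creates:` guard on the quickstart task in tasks/main.yml means a later switch to the live directory is not applied automatically. Make the intent explicit with a line such as `## staging is the safe default; production hosts must set this to "{{ acmetool_directory_server_le_live }}" before the first run`. The same comment block has a typo: `as been created` should read `has been created`.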
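Review bot: Nothing in this commit notifies `reconcile acmetool`, and the listing is limited to roles/acmetool/base, so whether a sibling role triggers the handler cannot be seen here; a one-line comment naming the expected caller, e.g. `# notified by: <caller role/task>`, would keep it from reading as dead code. `state: started` is a no-op while the unit is already active, which is fine if acmetool.service is a oneshot unit driven by a timer but would not re-run a long-running unit; confirm the unit type shipped by the package before relying on this as a reconcile trigger.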
@@ -0,0 +1,25 @@
+---
+- name: check if acmetool package is new enough
+  debug:
+    msg: "Check distribution_release"
+  failed_when: (ansible_distribution == 'Debian' and ansible_distribution_major_version < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version < 17) or (ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu')
+
+- name: install acmetool
+  apt:
+    name: acmetool
+    state: present
+
+- name: create initial directory structure
+  command: acmetool --batch
+  args:
+    creates: /var/lib/acme/conf
+
+- name: create acmetool response file
+  template:
+    src: responses.j2
+    dest: /var/lib/acme/conf/responses
+
+- name: run quickstart to create account and default target configuration
+  command: acmetool --batch quickstart
+  args:
+    creates: /var/lib/acme/conf/target
diff --git a/roles/acmetool/base/templates/responses.j2 b/roles/acmetool/base/templates/responses.j2
new file mode 100644
index 00000000..a7bf2504
--- /dev/null
+++ b/roles/acmetool/base/templates/responses.j2
@@ -0,0 +1,12 @@
+"acme-enter-email": "{{ acmetool_account_email }}"
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf": true
+"acmetool-quickstart-choose-server": {{ acmetool_directory_server }}
+"acmetool-quickstart-choose-method": webroot
+"acmetool-quickstart-webroot-path": "/var/run/acme/acme-challenge"
+"acmetool-quickstart-complete": true
+"acmetool-quickstart-install-cronjob": false
+"acmetool-quickstart-install-haproxy-script": true
+"acmetool-quickstart-install-redirector-systemd": false
+"acmetool-quickstart-key-type": {{ acmetool_default_key_type }}
+"acmetool-quickstart-rsa-key-size": {{ acmetool_default_rsa_key_size }}
+"acmetool-quickstart-ecdsa-curve": {{ acmetool_default_ecdsa_curve }}
--
cgit v1.2.3
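Review bot: The version guard in `failed_when` compares `ansible_distribution_major_version`, which Ansible reports as a string, against the integers 9 and 17; as far as I can tell a Python 3 controller raises a TypeError on `str < int` and a Python 2 controller evaluates it as false, so the check either errors out or never trips. Cast before comparing: `ansible_distribution_major_version|int < 9` and `ansible_distribution_major_version|int < 17` (an `assert` task with `that:` would also read better than `debug` plus `failed_when`). Separately, the quickstart task is guarded by `creates: /var/lib/acme/conf/target`, so later edits to the responses template, for example moving `acmetool_directory_server` from staging to live, are rendered but never applied; a comment above that task such as `# runs once: changes to the responses file after the first run are not picked up` would spare operators a confusing no-op.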
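Review bot: `acmetool-quickstart-choose-server` renders its templated URL as a plain scalar while `acme-enter-email` is quoted; an unset or empty variable would turn the value into YAML null instead of a visibly wrong string, so quote it the same way: `"acmetool-quickstart-choose-server": "{{ acmetool_directory_server }}"`. The key-type and ecdsa-curve lines have the same exposure; the rsa-key-size line is best left unquoted if acmetool expects an integer there, which this diff does not show. The `acme-agreement:` key pins the LE-SA-v1.2 PDF URL, so once Let's Encrypt publishes a new subscriber agreement the stored answer will presumably no longer match the prompt and the batch quickstart will stop running unattended; a Jinja comment above that line, e.g. `{# the agreement URL must match the one acmetool asks for; update it when a new LE subscriber agreement is published #}`, would document that maintenance point.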