From 18e0446c9c545f396d7737b406e6e207748e7926 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 22 Dec 2022 13:01:30 +0100
Subject: move acmetool to new x509 subdir
---
roles/x509/acmetool/base/tasks/main.yml | 65 +++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 roles/x509/acmetool/base/tasks/main.yml
(limited to 'roles/x509/acmetool/base/tasks/main.yml')
diff --git a/roles/x509/acmetool/base/tasks/main.yml b/roles/x509/acmetool/base/tasks/main.yml
new file mode 100644
index 00000000..5f2ae4ab
--- /dev/null
+++ b/roles/x509/acmetool/base/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+- name: check if acmetool package is new enough
+ ansible.builtin.debug:
+ msg: "Check distribution_release"
+ failed_when: (ansible_distribution == 'Debian' and (ansible_distribution_major_version | int) < 9) or (ansible_distribution == 'Ubuntu' and (ansible_distribution_major_version | int) < 17) or (ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu')
+
+- name: install needed packages
+ ansible.builtin.apt:
+ name:
+ - acmetool
+ - "{{ python_basename }}-openssl"
+ state: present
+
+- name: create initial directory structure
+ ansible.builtin.command: acmetool --batch
+ args:
+ creates: /var/lib/acme/conf
+
+- name: create acmetool response file
+ ansible.builtin.template:
+ src: responses.j2
+ dest: /var/lib/acme/conf/responses
+
+- name: create non-standard acmetool webroot path
+ ansible.builtin.file:
+ name: "{{ acmetool_challenge_webroot_path }}"
+ state: directory
+ when: acmetool_challenge_webroot_path is defined
+
+- name: run quickstart to create account and default target configuration
+ ansible.builtin.command: acmetool --batch quickstart
+ environment:
+ http_proxy: "{{ acmetool_http_proxy | default('') }}"
+ https_proxy: "{{ acmetool_https_proxy | default('') }}"
+ args:
+ creates: /var/lib/acme/conf/target
+
+- name: generate selfsigned interim certificate
+ ansible.builtin.include_tasks: selfsigned.yml
+
+- name: install service reload configuration
+ ansible.builtin.template:
+ src: acme-reload.j2
+ dest: /etc/default/acme-reload
+ owner: root
+ group: root
+ mode: 0644
+ when: acmetool_reload_services is defined
+
+- name: create system unit snippet directory
+ ansible.builtin.file:
+ path: /etc/systemd/system/acmetool.service.d/
+ state: directory
+
+- name: install systemd unit snippet
+ ansible.builtin.template:
+ src: systemd-override.conf.j2
+ dest: /etc/systemd/system/acmetool.service.d/override.conf
+
+- name: enable/start systemd timer for acmetool
+ ansible.builtin.systemd:
+ name: acmetool.timer
+ state: started
+ enabled: yes
+ daemon_reload: yes
--
cgit v1.2.3
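Review bot: The two tasks that build the systemd drop-in (`/etc/systemd/system/acmetool.service.d/` and its `override.conf`) set no `owner`, `group` or `mode`, so the permissions of a file that systemd reads for a root-run unit are left to the default umask on the target; the `responses` template and the optional webroot directory have the same gap. Only the `acme-reload` task pins them, so I would add `owner: root`, `group: root` and `mode: "0644"` to the templates, and `mode: "0755"` to the directories (the webroot's owner presumably depends on the web server and should be confirmed). The existing `mode: 0644` is better written as the quoted string `"0644"` so it does not rely on the YAML parser reading the bare number as octal. As the commit moves the role, these tasks may have been carried over unchanged, but the new location is a reasonable place to tighten them.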