Make whole role more flexible

ebbba-org · Dec 22, 2023 · 84172b5 · 84172b5
1 parent 0ed425a
commit 84172b5
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,24 +1,42 @@
 ---
+# The acme.sh mail address where mails will be send to
 acme_letsencrypt_email: "acme@domain.tld"
+
 # The hostname - default to "{{ inventory_hostname }}" you may want to use ansible_fqdn instead
 acme_hostname: "{{ inventory_hostname }}"
+
 # The API URL of the authority
 # Want to use staging certs: https://acme-staging-v02.api.letsencrypt.org/directory
 acme_letsencrypt_api: https://acme-v02.api.letsencrypt.org/directory
+# acme_letsencrypt_api: https://acme-staging-v02.api.letsencrypt.org/directory
+
+# The acme.sh repo, in case you run a mirror or fork
 acme_letsencrypt_repo: https://github.com/acmesh-official/acme.sh.git
+
 # Where the certs will be installed to
 acme_letsencrypt_dir: /opt/acme
 acme_letsencrypt_version: master
 acme_letsencrypt_keep_updated: true
+
+# The acme.sh folder locations
+acme_home: "/root/.acme.sh"
+acme_config_home: "/root/.acme.sh"
+acme_certhome: "/root/.acme.sh"
+acme_accountkey: "/root/.acme.sh/account.key"
+acme_days: "30"
+
 # https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
+# The acme.sh instlal command
 acme_letsencrypt_install_command: >-
   {{ acme_letsencrypt_script }} --install
-  --home /root/.acme.sh
-  --config-home /root/.acme.sh
-  --certhome /root/.acme.sh
-  --days 30
+  --home {{ acme_home }}
+  --config-home {{ acme_config_home }}
+  --certhome {{ acme_certhome }}
+  --days {{ acme_days }}
   --accountemail {{ acme_letsencrypt_email }}
-  --accountkey /root/.acme.sh/account.key
+  --accountkey {{ acme_accountkey }}
+
+# The acme.sh create command
 acme_letsencrypt_create_command: >-
   {{ acme_letsencrypt_script }} --issue --domain {{ acme_hostname }}
   --standalone
@@ -27,3 +45,8 @@ acme_letsencrypt_create_command: >-
   --pre-hook "systemctl stop nginx.service"
   --post-hook "systemctl start nginx.service"
   --server {{ acme_letsencrypt_api }}
+
+# these variables are used in the acme_letsencrypt_create_command task
+acme_environment_varaibles:
+  email: "{{ acme_letsencrypt_email }}"
+  DO_API_KEY: "{{ DO_API_KEY | default('') }}"
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -32,9 +32,7 @@
 - name: Generate or renew certificate with acme.sh
   become: true
   ansible.builtin.command: "{{ acme_letsencrypt_create_command }}"
-  environment:
-    email: "{{ acme_letsencrypt_email }}"
-    DO_API_KEY: "{{ DO_API_KEY | default('') }}"
+  environment: "{{ acme_environment_varaibles }}"
   register: result
   changed_when: "'new certificate deployed' in result.stdout"
   failed_when: "result.rc not in [ 0, 2 ]"