Merge branch 'main' into dependabot/github_actions/actions/checkout-3…

….5.0
systemli · Apr 6, 2023 · ea41d73 · ea41d73
2 parents e3ea529 + 80bc54d
commit ea41d73
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 11 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -32,3 +32,6 @@ letsencrypt_subset_names: True
 
 # Set global extra commandline options for certbot
 letsencrypt_opts_extra: ""
+
+# Set path for letsencrypt directory (no trailing "/" !!)
+letsencrypt_directory: /etc/letsencrypt
diff --git a/tasks/certificate.yml b/tasks/certificate.yml
@@ -134,7 +134,7 @@
   block:
     - name: get dest of current private key
       file:
-        path: /etc/letsencrypt/live/{{ letsencrypt_cert.name }}/privkey.pem
+        path: "{{ letsencrypt_directory }}/live/{{ letsencrypt_cert.name }}/privkey.pem"
         state: link
       register: privkey
       check_mode: true

diff --git a/tasks/install.yml b/tasks/install.yml
@@ -11,25 +11,25 @@
         owner: root
         group: root
         mode: 0755
-    - name: create directory /etc/letsencrypt/keys
+    - name: create letsencrypt directory
       file:
-        dest: /etc/letsencrypt/keys
+        dest: "{{ letsencrypt_directory }}/keys"
         state: directory
         owner: root
         group: root
         mode: 0700
     - name: install certbot DNS challenge nsupdate key
       copy:
         content: "{{ letsencrypt_ddns_key }}"
-        dest: /etc/letsencrypt/keys/ddns_update.key
+        dest: "{{ letsencrypt_directory }}/keys/ddns_update.key"
         owner: root
         group: root
         mode: 0400
       when: letsencrypt_ddns_key|default()
     - name: install certbot DNS challenge nsupdate private key
       copy:
         content: "{{ letsencrypt_ddns_privkey }}"
-        dest: /etc/letsencrypt/keys/ddns_update.private
+        dest: "{{ letsencrypt_directory }}/keys/ddns_update.private"
         owner: root
         group: root
         mode: 0400
@@ -50,8 +50,8 @@
         group: letsencrypt
         mode: 0750
       with_items:
-        - /etc/letsencrypt/archive
-        - /etc/letsencrypt/live
+        - "{{ letsencrypt_directory }}/archive"
+        - "{{ letsencrypt_directory }}/live"
   when: letsencrypt_group
 
 - name: check if letsencrypt_account_email is set
@@ -65,7 +65,7 @@
 
 - name: check if a Let's Encrypt account exists
   stat:
-    path: /etc/letsencrypt/accounts
+    path: "{{ letsencrypt_directory }}/accounts"
   register: letsencrypt_reg_accounts_dir
 
 - name: prepare optional test cert option

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,7 +1,9 @@
 ---
 
-- import_tasks: install.yml
+- name: Import install tasks
+  import_tasks: install.yml
   when: letsencrypt_setup
 
-- import_tasks: certificate.yml
+- name: Import certificate tasks
+  import_tasks: certificate.yml
   when: letsencrypt_cert|d()
diff --git a/templates/certbot-dns-hook.sh.j2 b/templates/certbot-dns-hook.sh.j2
@@ -22,7 +22,7 @@ fi
 CERTBOT_DOMAIN="${CERTBOT_DOMAIN#\*\.}"
 
 # Key for the dynamic DNS updates
-DDNS_KEY='/etc/letsencrypt/keys/ddns_update.key'
+DDNS_KEY='{{ letsencrypt_directory }}/keys/ddns_update.key'
 
 # Nameserver with the dynamic zone
 SERVER="{{ letsencrypt_ddns_server|d() }}"