acme: Add support to specify reload command per certificateHEADmaster

2 files changed, 8 insertions, 2 deletions

diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index d9c1a0a..424beea 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -37,13 +37,14 @@
     owner: root
     group: root
     mode: 0440
+    validate: visudo -c -f %s
 
 - name: Issue certificates
   become: yes
   become_user: acme
-  command: '.acme.sh/acme.sh --issue -d {{ item | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ acme_reload_cmd }}"'
+  command: '.acme.sh/acme.sh --issue -d {{ item.name | mandatory }}{% if item.alt is defined %} -d{% endif %} {{ item.alt | default([]) | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ item.reloadcmd | default(acme_reload_cmd) }}"'
   args:
     chdir: /home/acme
-    creates: "/home/acme/.acme.sh/{{ item[0] }}/{{ item[0] }}.cer"
+    creates: "/home/acme/.acme.sh/{{ item.name | mandatory }}/{{ item.name }}.cer"
   with_items:
   - "{{ acme_issue_certs }}"
diff --git a/roles/acme/templates/acme.j2 b/roles/acme/templates/acme.j2
index dc61823..54f2bf0 100644
--- a/roles/acme/templates/acme.j2
+++ b/roles/acme/templates/acme.j2
@@ -1 +1,6 @@
 acme ALL=(ALL) NOPASSWD: {{ acme_reload_cmd }}
+{% for item in acme_issue_certs %}
+{% if item.reloadcmd is defined %}
+acme ALL=(ALL) NOPASSWD: {{ item.reloadcmd }}
+{% endif %}
+{% endfor %}