From 9e3d30552284725ed845b077e4de7ae9c1f4a62e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Ob=C5=AFrka?= <r.oburka@gmail.com>
Date: Sun, 27 Nov 2016 18:18:59 +0100
Subject: acme: Add support to specify reload command per certificate

---
 roles/acme/tasks/main.yml    | 5 +++--
 roles/acme/templates/acme.j2 | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index d9c1a0a..424beea 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -37,13 +37,14 @@
     owner: root
     group: root
     mode: 0440
+    validate: visudo -c -f %s
 
 - name: Issue certificates
   become: yes
   become_user: acme
-  command: '.acme.sh/acme.sh --issue -d {{ item | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ acme_reload_cmd }}"'
+  command: '.acme.sh/acme.sh --issue -d {{ item.name | mandatory }}{% if item.alt is defined %} -d{% endif %} {{ item.alt | default([]) | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ item.reloadcmd | default(acme_reload_cmd) }}"'
   args:
     chdir: /home/acme
-    creates: "/home/acme/.acme.sh/{{ item[0] }}/{{ item[0] }}.cer"
+    creates: "/home/acme/.acme.sh/{{ item.name | mandatory }}/{{ item.name }}.cer"
   with_items:
   - "{{ acme_issue_certs }}"
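Review bot: On the new `command:` line the extra `-d` is emitted whenever `item.alt` is defined, so an entry with `alt: []` renders a bare `-d` directly before `-w`, and acme.sh would presumably consume the next token as a domain name. Driving the flag from the list itself avoids this: `{% for d in item.alt | default([]) %} -d {{ d }}{% endfor %}`. On the same line `item.reloadcmd` is spliced into a hand-written double-quoted argument, so a value containing `"` breaks the quoting; building the `sudo …` string first and passing it through the `quote` filter would be more robust. Because of `creates:`, changing `reloadcmd` for a certificate that already exists will not re-run this task, which deserves a comment such as `# reloadcmd is only applied on first issue`. The task that receives the new `validate:` line starts above the hunk, and the `with_items` list may continue below it.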
diff --git a/roles/acme/templates/acme.j2 b/roles/acme/templates/acme.j2
index dc61823..54f2bf0 100644
--- a/roles/acme/templates/acme.j2
+++ b/roles/acme/templates/acme.j2
@@ -1 +1,6 @@
 acme ALL=(ALL) NOPASSWD: {{ acme_reload_cmd }}
+{% for item in acme_issue_certs %}
+{% if item.reloadcmd is defined %}
+acme ALL=(ALL) NOPASSWD: {{ item.reloadcmd }}
+{% endif %}
+{% endfor %}
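Review bot: The added line `acme ALL=(ALL) NOPASSWD: {{ item.reloadcmd }}` copies a free-form inventory string straight into sudoers, so whatever is set as `reloadcmd` becomes a passwordless command the acme user can run as any target user. The `visudo -c` validation added in tasks/main.yml only checks syntax; a value containing a comma or the word `ALL` still validates and silently widens the grant. I would narrow the run-as to root, `acme ALL=(root) NOPASSWD: {{ item.reloadcmd }}`, and add an `assert` task before templating that each `reloadcmd` begins with `/` and contains no `,`, `:`, `=`, `\` or newline. Certificates sharing the same `reloadcmd` also produce duplicate rules; iterating over `acme_issue_certs | selectattr('reloadcmd', 'defined') | map(attribute='reloadcmd') | unique` would emit each rule once.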
-- 
cgit v1.2.3