ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 11d108b75d5c0ab7e81cc399cbd7b904a59f90bd
parent 2ba4c58126e6483f230ba5372c96aab7976f0635
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 17:51:52 +0100

roles/acme-redirect: clear unmanaged cert-configs, use handlers for restart
7 files changed, 67 insertions(+), 18 deletions(-)
diff --git a/roles/acme-redirect/handlers/main.yml b/roles/acme-redirect/handlers/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[OpenRC] Restart service: acme-redirect (to deploy config changes)"
+  service:
+    name: acme-redirect
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+  listen: "Restart acme-redirect"
+
+- name: "[systemd] Restart service: acme-redirect (to deploy config changes)"
+  systemd:
+    name: acme-redirect
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+  listen: "Restart acme-redirect"
diff --git a/roles/acme-redirect/tasks/configure.yml b/roles/acme-redirect/tasks/configure.yml
@@ -14,23 +14,21 @@
   when:
     - ansible_distribution == "Archlinux"
 
-- name: Create acme-redirect.conf
+- name: "Create file: /etc/acme-redirect.conf"
   template:
     src: acme-redirect-general.conf.j2
     dest: /etc/acme-redirect.conf
     owner: acme-redirect
     group: acme-redirect
+  notify: "Restart acme-redirect"
 
-- name: clean cert-config directory
+- name: "Create directory: /etc/acme-redirect.d"
   file:
-    state: "{{ item }}"
+    state: "directory"
     path: /etc/acme-redirect.d
     owner: acme-redirect
     group: acme-redirect
     mode: 0755
-  with_items:
-    - absent
-    - directory
   when:
     - services.acme_redirect.certs is defined
 
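Review bot: `state: "directory"` on the rewritten file task quotes a value that needs no quoting, unlike `path:`, `owner:` and the `state: absent` used later in the same file; `state: directory` keeps the file's plain-scalar style. The `mode: 0755` context line is left as a bare leading-zero octal, which works under Ansible's YAML 1.1 loader but not under 1.2 parsers; since the task was rewritten anyway, `mode: "0755"` would make it parser-independent. The task whose `when:` opens this hunk starts outside it.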

@@ -42,5 +40,28 @@
     group: acme-redirect
     mode: 0644
   loop: "{{ lookup('dict', services.acme_redirect.certs, wantlist=True) }}"
+  register: acme_redirect_deployed_configs
+  notify: "Restart acme-redirect"
+  when:
+    - services.acme_redirect.certs is defined
+
+- name: "Collect files in directory: /etc/acme-redirect.d"
+  find:
+    path: /etc/acme-redirect.d
+    hidden: yes
+  register: acme_redirect_found_files
+  check_mode: no
+  changed_when: false
+  when:
+    - services.acme_redirect.certs is defined
+
+- name: "Remove unmanaged files in directory: /etc/acme-redirect.d"
+  file:
+    path: "/etc/acme-redirect.d/{{ item.path | basename }}"
+    state: absent
+  with_items:
+    - "{{ acme_redirect_found_files.files }}"
+  notify: "Restart acme-redirect"
   when:
     - services.acme_redirect.certs is defined
+    - (item.path) not in ( acme_redirect_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) )+
\ No newline at end of file
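Review bot: The new `when` condition on the removal task relies on `json_query`, which needs the jmespath library on the control node and otherwise fails the play with a filter error; the same list can be built with core filters, `(acme_redirect_deployed_configs.results | default([]) | map(attribute='invocation.module_args.dest') | list)`. Note also that `default([])` as written only replaces an undefined value, not the `None` that json_query returns when the registered task has no `results`, so a guard such as `- acme_redirect_deployed_configs.results is defined` on the removal task would be safer. `hidden: yes` in the find task is flagged by yamllint's truthy rule; `hidden: true` is the portable spelling, and because find defaults to `file_type: file`, unmanaged subdirectories under /etc/acme-redirect.d would survive the cleanup, which may or may not be intended. The deploy task this hunk opens on starts outside the hunk, so whether its `dest` is an absolute path that matches find's `item.path` cannot be confirmed from here.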
diff --git a/roles/acme-redirect/tasks/install.yml b/roles/acme-redirect/tasks/install.yml
@@ -7,6 +7,7 @@
     update_cache: yes
   when:
     - ansible_distribution == "Alpine"
+  notify: "Restart acme-redirect"
 
 - name: "[Archlinux] Install package: acme-redirect"
   pacman:

@@ -14,4 +15,5 @@
     state: present
     update_cache: yes
   when:
-    - ansible_distribution == "Archlinux"-
\ No newline at end of file
+    - ansible_distribution == "Archlinux"
+  notify: "Restart acme-redirect"
diff --git a/roles/acme-redirect/tasks/main.yml b/roles/acme-redirect/tasks/main.yml
@@ -10,16 +10,19 @@
     - services.acme_redirect.enable is defined
     - services.acme_redirect.enable is true
 
-- include: start.yml
+- include: firewall.yml
   when:
     - services.acme_redirect.enable is defined
     - services.acme_redirect.enable is true
+    - network.nftables.enable is true
 
-- include: firewall.yml
+- include: start.yml
   when:
     - services.acme_redirect.enable is defined
     - services.acme_redirect.enable is true
-    - network.nftables.enable is true
+
+- name: Run handlers
+  meta: flush_handlers
 
 - include: remove.yml
   when:
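Review bot: The rewritten lines `- include: firewall.yml` and `- include: start.yml` still use the bare `include` action, which has been deprecated since Ansible 2.4 in favour of `import_tasks` (static) or `include_tasks` (dynamic); as the commit touches both lines anyway, `- import_tasks: firewall.yml` would avoid the deprecation warning, with the caveat that `when` on an import is applied per imported task. Placing `meta: flush_handlers` after start.yml means that on a first run the service is started by start.yml and then immediately restarted by the notified handler; if that double restart matters, the flush could precede the start include, since a `restarted` state also brings up a stopped service. The first task in this hunk begins outside it.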
diff --git a/roles/acme-redirect/tasks/start.yml b/roles/acme-redirect/tasks/start.yml
@@ -1,18 +1,18 @@
 ---
 
-- name: "[OpenRC] Enable and restart service: acme-redirect"
+- name: "[OpenRC] Enable and start service: acme-redirect"
   service:
     name: acme-redirect
     enabled: yes
-    state: restarted
+    state: started
   when:
     - ansible_service_mgr == "openrc"
 
-- name: "[systemd] Enable and restart service: acme-redirect"
+- name: "[systemd] Enable and start service: acme-redirect"
   systemd:
     name: acme-redirect
     enabled: yes
-    state: restarted
+    state: started
   when:
     - ansible_service_mgr == "systemd"
 
diff --git a/roles/acme-redirect/templates/acme-redirect-general.conf.j2 b/roles/acme-redirect/templates/acme-redirect-general.conf.j2
@@ -5,3 +5,4 @@
 [acme]
 acme_email = "{{ services.acme_redirect.email }}"
 acme_url   = "{{ services.acme_redirect.acme_url }}"
+renew_if_days_left = {{ services.acme_redirect.renew_if_days_left | default(30) }}+
\ No newline at end of file
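Review bot: `renew_if_days_left` is interpolated unquoted into the TOML, so an inventory value given as a quoted string (for example `"14"`) would render as a bare string and acme-redirect would reject the config at parse time; `renew_if_days_left = {{ services.acme_redirect.renew_if_days_left | default(30) | int }}` renders a numeric string as a number. The `| int` filter silently maps non-numeric input to 0, so if garbage values are a concern a validation step before rendering is the more conservative option.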
diff --git a/roles/acme-redirect/templates/acme-redirect.conf.j2 b/roles/acme-redirect/templates/acme-redirect.conf.j2
@@ -3,14 +3,18 @@
 #
 
 [cert]
-name      = "{{item.key}}"
+name      = "{{ item.key }}"
 dns_names = [
+{% if item.value.dns_names is defined %}
 {% for domain in item.value.dns_names %}
-    "{{domain}}",
+    "{{ domain }}",
 {% endfor %}
+{% else %}
+	"{{ item.key }}",
+{% endif %}
 ]
 exec = [
 {% for task in item.value.renew_tasks %}
-    "{{task}}",
+    "{{ task }}",
 {% endfor %}
 ]
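Review bot: The new fallback line `	"{{ item.key }}",` is indented with a tab while the neighbouring generated lines use four spaces; TOML ignores the whitespace, but the mixed indentation shows in the rendered file and in diffs, so `    "{{ item.key }}",` would match. With `dns_names` now optional, `item.value.renew_tasks` in the `exec` loop stays mandatory and a cert entry without it fails the template with an undefined-variable error; if that is meant to be optional too, `{% for task in item.value.renew_tasks | default([]) %}` keeps the rendering consistent. The template may continue past the end of this hunk.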