From eb8bf766a75043004fefe232c95212b4929e10d5 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Fri, 1 Jun 2018 16:45:12 +0200
Subject: [PATCH] Allow deploy tasks after create and renew actions

---
 tasks/cert_deploy.yml   | 23 +++++++++++++++++++++++
 tasks/cert_generate.yml |  2 ++
 tasks/renew.yml         |  5 +++++
 3 files changed, 30 insertions(+)
 create mode 100644 tasks/cert_deploy.yml

diff --git a/tasks/cert_deploy.yml b/tasks/cert_deploy.yml
new file mode 100644
index 0000000..4916497
--- /dev/null
+++ b/tasks/cert_deploy.yml
@@ -0,0 +1,23 @@
+---
+# file: roles/letsencrypt/tasks/cert_deploy.yml
+
+- block:
+
+  - name: "Deploy Cert"
+    shell: 'openssl {{ cert.export.type }} -export -out /tmp/{{ cert.domain }}.deploy -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:'
+    args:
+      chdir: '/etc/letsencrypt/live/{{ cert.domain }}'
+
+  - name: "Attribute deployed cert"
+    copy:
+      src: '/tmp/{{ cert.domain }}.deploy'
+      dest: '{{ cert.export.dest }}'
+      remote_src: yes
+      owner: '{{ cert.export.owner }}'
+      group: '{{ cert.export.group }}'
+
+  when: cert.export is defined
+  tags:
+    - 'ApacheConfig'
+    - 'Certs'
+    - 'renew'
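Review bot: The "Deploy Cert" task writes the private key, with an empty export password (`-password pass:`), to the predictable path `/tmp/{{ cert.domain }}.deploy` under the default umask, and nothing removes that file afterwards. The following `copy` sets owner and group but no `mode`, so the permissions of the final bundle are left to defaults as well. I would write the bundle straight to `cert.export.dest` under `umask 077` and then set owner, group and an explicit mode with `file`, which takes the shared temp directory out of the key's path. The templated values in the `shell` string are unquoted, so passing them through `quote` keeps an unusual domain or path from being interpreted by the shell. The mode below is a suggestion; use the tightest one the consuming service accepts.

```yaml
  - name: "Deploy Cert"
    shell: 'umask 077 && openssl {{ cert.export.type | quote }} -export -out {{ cert.export.dest | quote }} -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:'
    # … unchanged: args / chdir …

  - name: "Attribute deployed cert"
    file:
      path: '{{ cert.export.dest }}'
      owner: '{{ cert.export.owner }}'
      group: '{{ cert.export.group }}'
      mode: '0600'
  # … unchanged: when / tags …
```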
diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
index 9130641..f0ef40e 100644
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -31,6 +31,8 @@
       jump: 'ACCEPT'
       state: 'absent'
 
+  - include_tasks: cert_deploy.yml
+
   - name: "Start services"
     service:
       name: '{{ item }}'
diff --git a/tasks/renew.yml b/tasks/renew.yml
index 1436860..31d5e18 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -33,6 +33,11 @@
     jump: 'ACCEPT'
     state: 'absent'
 
+- include_tasks: cert_deploy.yml
+  with_items: '{{ letsencrypt_certificates|default([]) }}'
+  loop_control:
+    loop_var: cert
+
 - name: "Build HaProxy Certs"
   import_tasks: '../../haproxy/tasks/buildcerts.yml'
   tags: 'always'
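Review bot: The added `include_tasks` carries no tags, while the block inside `cert_deploy.yml` is tagged `ApacheConfig`, `Certs` and `renew`. With a dynamic include those inner tags are only evaluated once the include task itself is selected, so a run limited by `--tags renew` would skip the deploy step unless `renew.yml` is itself imported with tags that are inherited (not visible in this hunk). Consider adding `tags: ['ApacheConfig', 'Certs', 'renew']` to the include, in line with the explicit `tags: 'always'` on the neighbouring `import_tasks`. The include in `cert_generate.yml` sits inside a block whose header is outside its hunk, so whether it inherits tags cannot be confirmed from here either.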
-- 
GitLab