From 22d541373a3f9aa279f8d9d95a2d04164679d2e4 Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Fri, 20 Jan 2023 14:17:46 +0100
Subject: [PATCH] Add letsencrypt renewal config for tunuifranken.info
---
 .../files/renewal/tunuifranken.info.conf | 10 ++++++++
 roles/tunuifranken/tasks/letsencrypt.yml | 23 +++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 roles/tunuifranken/files/renewal/tunuifranken.info.conf
diff --git a/roles/tunuifranken/files/renewal/tunuifranken.info.conf b/roles/tunuifranken/files/renewal/tunuifranken.info.conf
new file mode 100644
index 0000000..d64e5aa
--- /dev/null
+++ b/roles/tunuifranken/files/renewal/tunuifranken.info.conf
@@ -0,0 +1,10 @@
+archive_dir = /etc/letsencrypt/archive/tunuifranken.info
+cert = /etc/letsencrypt/live/tunuifranken.info/cert.pem
+privkey = /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+chain = /etc/letsencrypt/live/tunuifranken.info/chain.pem
+fullchain = /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+
+[renewalparams]
+authenticator = webroot
+installer = null
+server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/roles/tunuifranken/tasks/letsencrypt.yml b/roles/tunuifranken/tasks/letsencrypt.yml
index 31e2ac4..1841f25 100644
--- a/roles/tunuifranken/tasks/letsencrypt.yml
+++ b/roles/tunuifranken/tasks/letsencrypt.yml
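Review bot: The new `tunuifranken.info.conf` selects `authenticator = webroot` but never says which webroot to use, so renewal of this lineage depends on the global `webroot-path` line that a separate task writes to `/etc/letsencrypt/cli.ini`. That coupling is invisible from this file; a leading comment such as `# webroot path is taken from webroot-path in /etc/letsencrypt/cli.ini (see tasks/letsencrypt.yml)` would make it explicit. Certbot normally rewrites a lineage's renewal file itself after a renewal, so a static copy pushed on every play may keep reverting what certbot writes; it is worth confirming that this is intended.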
@@ -12,14 +12,29 @@
 - name: Create needed directories
 become: true
 ansible.builtin.file:
- path: "{{ item.path }}"
+ path: "{{ item }}"
 state: directory
 owner: root
 group: root
- mode: "{{ item.mode }}"
+ mode: 0755
 with_items:
- - {path: '/etc/letsencrypt/live', mode: '0700'}
- - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
+ - /etc/letsencrypt/archive
+ - /etc/letsencrypt/renewal
+ - /etc/letsencrypt/live
+ - /etc/letsencrypt/live/tunuifranken.info
+
+- name: Add webroot configuration for letsencrypt
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/letsencrypt/cli.ini
+ line: webroot-path = /var/www/acme
+
+- name: Create renewal configuration for tunuifranken.info
+ become: true
+ ansible.builtin.copy:
+ src: renewal/tunuifranken.info.conf
+ dest: /etc/letsencrypt/renewal/tunuifranken.info.conf
+ mode: 0644

 - name: Create private key for account
 become: true
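Review bot: The `Create needed directories` task now applies `mode: 0755` to every path, which loosens `/etc/letsencrypt/live` from the `0700` it had before this commit and also creates `/etc/letsencrypt/archive` world-traversable. The renewal file added in this patch places `privkey.pem` under `live/tunuifranken.info`, so after this change only the key file's own mode, which is set outside this hunk, keeps other local users from reading it. Keeping the per-item `path`/`mode` pairs lets the new directories be added without relaxing the existing one. Quoting the modes as strings, as the removed lines did, also avoids relying on YAML octal parsing. The task list continues past the end of the hunk.

```yaml
- name: Create needed directories
  # … unchanged: become, state, owner, group …
  ansible.builtin.file:
    path: "{{ item.path }}"
    mode: "{{ item.mode }}"
  with_items:
    - {path: '/etc/letsencrypt/archive', mode: '0700'}
    - {path: '/etc/letsencrypt/renewal', mode: '0755'}
    - {path: '/etc/letsencrypt/live', mode: '0700'}
    - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
```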