From e0c43f330d5255ded801186f3c8a871333c38add Mon Sep 17 00:00:00 2001
From: David Kilias <david.kilias@gmail.com>
Date: Sun, 7 Feb 2021 21:32:05 +0100
Subject: [PATCH] reworkd directory creation and add certs dir

---
 roles/dehydrated/defaults/main.yml |  9 +++++----
 roles/dehydrated/tasks/main.yml    | 23 ++++++++++++++++-------
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/roles/dehydrated/defaults/main.yml b/roles/dehydrated/defaults/main.yml
index fcbb9b4..8c68c9f 100644
--- a/roles/dehydrated/defaults/main.yml
+++ b/roles/dehydrated/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 dehydrated_version: "v0.7.0"
-dehydrated_location: /usr/local/share/dehydrated
-dehydrated_binary: /usr/local/bin/dehydrated
-dehydrated_config: /usr/local/etc/dehydrated
-dehydrated_wellknown: /usr/local/etc/dehydrated/challenge
+dehydrated_location: "/usr/local/share/dehydrated"
+dehydrated_binary: "/usr/local/bin/dehydrated"
+dehydrated_config_dir: "/usr/local/etc/dehydrated"
+dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
+dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"
diff --git a/roles/dehydrated/tasks/main.yml b/roles/dehydrated/tasks/main.yml
index ece7b48..847f61a 100644
--- a/roles/dehydrated/tasks/main.yml
+++ b/roles/dehydrated/tasks/main.yml
@@ -17,22 +17,31 @@
 
 - name: Ensure config directory is present.
   file:
-    path: "{{ dehydrated_config }}"
+    path: "{{ dehydrated_config_dir }}"
     state: directory
+    mode: "0711"
+
+- name: Ensure wellknown directory is present.
+  file:
+    path: "{{ dehydrated_wellknown_dir }}"
+    state: directory
+    mode: "0755"
+
+- name: Ensure certs directory is present.
+  file:
+    path: "{{ dehydrated_certs_dir }}"
+    state: directory
+    mode: "0700"
 
 - name: Ensure domains.txt is present.
   file:
-    path: "{{ dehydrated_config }}/domains.txt"
+    path: "{{ dehydrated_config_dir }}/domains.txt"
     state: touch
 
 - name: Ensure config is present.
   template:
     src: config.j2
-    dest: "{{ dehydrated_config }}/config"
+    dest: "{{ dehydrated_config_dir }}/config"
   notify: dehydrated register
 
-- name: Create wellknown directory.
-  file:
-    state: directory
-    path: /var/www/letsencrypt
   
\ No newline at end of file