diff --git a/requirements.yml b/requirements.yml
index 0e5a058..83440c2 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,3 +3,5 @@
version: v1.9.0
- src: git+https://github.com/adriagalin/ansible.timezone.git
version: 3.0.0
+- src: git+https://github.com/24367dfa/ansible-role-dehydrated.git
+ version: 1.0.0
\ No newline at end of file
diff --git a/roles/dehydrated/README.md b/roles/dehydrated/README.md
deleted file mode 100644
index ada63a9..0000000
--- a/roles/dehydrated/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Dehydrated
-
-Ansible role to configure dehydrated
-
-## Usage
-
-```yaml
-vars:
- dehydrated_force_update: True
- dehydrated_domains:
- - name: example.com
- alternate_names:
- - www.example.com
- - web.example.com
- deploy_challenge_hook: printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
- clean_challenge_hook: printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
-
-roles:
- - role: dehydrated
-```
\ No newline at end of file
diff --git a/roles/dehydrated/defaults/main.yml b/roles/dehydrated/defaults/main.yml
deleted file mode 100644
index 41442df..0000000
--- a/roles/dehydrated/defaults/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-dehydrated_version: "v0.7.0"
-dehydrated_contact_email: ""
-dehydrated_location: "/usr/local/share/dehydrated"
-dehydrated_binary: "/usr/local/bin/dehydrated"
-dehydrated_config_dir: "/usr/local/etc/dehydrated"
-dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
-dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"
-dehydrated_domains:
\ No newline at end of file
diff --git a/roles/dehydrated/handlers/main.yml b/roles/dehydrated/handlers/main.yml
deleted file mode 100644
index 5a55b3a..0000000
--- a/roles/dehydrated/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: dehydrated register
- command: "{{ dehydrated_binary }} --register --accept-terms"
-
-- name: dehydrated run
- command: "{{ dehydrated_binary }} --cron"
- when: dehydrated_force_update|default(False)|bool
\ No newline at end of file
diff --git a/roles/dehydrated/tasks/domains.yml b/roles/dehydrated/tasks/domains.yml
deleted file mode 100644
index aa020d4..0000000
--- a/roles/dehydrated/tasks/domains.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Ensure domain directories are present.
- file:
- name: "{{ dehydrated_certs_dir }}/{{ item.name }}"
- state: directory
- with_items: "{{ dehydrated_domains }}"
-
-- name: Render hook script templates.
- template:
- src: hook.sh.j2
- dest: "{{ dehydrated_certs_dir }}/{{ item.name }}/hook.sh"
- with_items: "{{ dehydrated_domains }}"
-
-- name: Ensure Domains are in domains.txt
- lineinfile:
- path: "{{ dehydrated_config_dir }}/domains.txt"
- line: "{{ item.name }}{% if 'alternate_names' in item %}{% for an in item.alternate_names %} {{ an|default(omit) }}{% endfor %}{% endif %}"
- with_items: "{{ dehydrated_domains }}"
- notify: dehydrated run
\ No newline at end of file
diff --git a/roles/dehydrated/tasks/install.yml b/roles/dehydrated/tasks/install.yml
deleted file mode 100644
index b1e2065..0000000
--- a/roles/dehydrated/tasks/install.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- name: Gather package facts.
- package_facts:
- manager: "auto"
-
-- name: Ensure git and curl are installed.
- package:
- name:
- - git
- - curl
- state: present
-
-- name: Clone dehydrated repo.
- git:
- repo: 'https://github.com/dehydrated-io/dehydrated.git'
- dest: "{{ dehydrated_location }}"
- version: "{{ dehydrated_version }}"
-
-- name: Ensure dehydrated symlink is present.
- file:
- src: "{{ dehydrated_location }}/dehydrated"
- dest: "{{ dehydrated_binary }}"
- state: link
-
-- name: Ensure config directory is present.
- file:
- path: "{{ dehydrated_config_dir }}"
- state: directory
- mode: "0711"
-
-- name: Ensure wellknown directory is present.
- file:
- path: "{{ dehydrated_wellknown_dir }}"
- state: directory
- mode: "0755"
-
-- name: Ensure certs directory is present.
- file:
- path: "{{ dehydrated_certs_dir }}"
- state: directory
- mode: "0700"
-
-- name: Ensure domains.txt is present.
- file:
- path: "{{ dehydrated_config_dir }}/domains.txt"
- state: touch
-
-- name: Ensure config is present.
- template:
- src: config.j2
- dest: "{{ dehydrated_config_dir }}/config"
- notify: dehydrated register
\ No newline at end of file
diff --git a/roles/dehydrated/tasks/main.yml b/roles/dehydrated/tasks/main.yml
deleted file mode 100644
index f440275..0000000
--- a/roles/dehydrated/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- include_tasks: install.yml
-- include_tasks: domains.yml
- when: dehydrated_domains is iterable
\ No newline at end of file
diff --git a/roles/dehydrated/templates/config.j2 b/roles/dehydrated/templates/config.j2
deleted file mode 100644
index 113d8dc..0000000
--- a/roles/dehydrated/templates/config.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-WELLKNOWN={{ dehydrated_wellknown_dir }}
-CONTACT_EMAIL={{ dehydrated_contact_email }}
diff --git a/roles/dehydrated/templates/hook.sh.j2 b/roles/dehydrated/templates/hook.sh.j2
deleted file mode 100644
index ebd8bbd..0000000
--- a/roles/dehydrated/templates/hook.sh.j2
+++ /dev/null
@@ -1,233 +0,0 @@
-#!/usr/bin/env bash
-
-# This Script is copied from https://github.com/dehydrated-io/dehydrated/blob/v0.7.0/docs/examples/hook.sh
-# and modified to accept per domain hooks as item.*_hook when using ansible.template
-
-deploy_challenge() {
- local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
-
- # This hook is called once for every domain that needs to be
- # validated, including any alternative names you may have listed.
- #
- # Parameters:
- # - DOMAIN
- # The domain name (CN or subject alternative name) being
- # validated.
- # - TOKEN_FILENAME
- # The name of the file containing the token to be served for HTTP
- # validation. Should be served by your web server as
- # /.well-known/acme-challenge/${TOKEN_FILENAME}.
- # - TOKEN_VALUE
- # The token value that needs to be served for validation. For DNS
- # validation, this is what you want to put in the _acme-challenge
- # TXT record. For HTTP validation it is the value that is expected
- # be found in the $TOKEN_FILENAME file.
-
- # Simple example: Use nsupdate with local named
- # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
- {{ item.deploy_challenge_hook|default("") }}
-}
-
-clean_challenge() {
- local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
-
- # This hook is called after attempting to validate each domain,
- # whether or not validation was successful. Here you can delete
- # files or DNS records that are no longer needed.
- #
- # The parameters are the same as for deploy_challenge.
-
- # Simple example: Use nsupdate with local named
- # printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key
- {{ item.clean_challenge_hook|default("") }}
-}
-
-sync_cert() {
- local KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}"
-
- # This hook is called after the certificates have been created but before
- # they are symlinked. This allows you to sync the files to disk to prevent
- # creating a symlink to empty files on unexpected system crashes.
- #
- # This hook is not intended to be used for further processing of certificate
- # files, see deploy_cert for that.
- #
- # Parameters:
- # - KEYFILE
- # The path of the file containing the private key.
- # - CERTFILE
- # The path of the file containing the signed certificate.
- # - FULLCHAINFILE
- # The path of the file containing the full certificate chain.
- # - CHAINFILE
- # The path of the file containing the intermediate certificate(s).
- # - REQUESTFILE
- # The path of the file containing the certificate signing request.
-
- # Simple example: sync the files before symlinking them
- # sync "${KEYFILE}" "${CERTFILE}" "${FULLCHAINFILE}" "${CHAINFILE}" "${REQUESTFILE}"
- {{ item.sync_cert_hook|default("") }}
-}
-
-deploy_cert() {
- local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
-
- # This hook is called once for each certificate that has been
- # produced. Here you might, for instance, copy your new certificates
- # to service-specific locations and reload the service.
- #
- # Parameters:
- # - DOMAIN
- # The primary domain name, i.e. the certificate common
- # name (CN).
- # - KEYFILE
- # The path of the file containing the private key.
- # - CERTFILE
- # The path of the file containing the signed certificate.
- # - FULLCHAINFILE
- # The path of the file containing the full certificate chain.
- # - CHAINFILE
- # The path of the file containing the intermediate certificate(s).
- # - TIMESTAMP
- # Timestamp when the specified certificate was created.
-
- # Simple example: Copy file to nginx config
- # cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
- # systemctl reload nginx
- {{ item.deploy_cert_hook|default("") }}
-}
-
-deploy_ocsp() {
- local DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}"
-
- # This hook is called once for each updated ocsp stapling file that has
- # been produced. Here you might, for instance, copy your new ocsp stapling
- # files to service-specific locations and reload the service.
- #
- # Parameters:
- # - DOMAIN
- # The primary domain name, i.e. the certificate common
- # name (CN).
- # - OCSPFILE
- # The path of the ocsp stapling file
- # - TIMESTAMP
- # Timestamp when the specified ocsp stapling file was created.
-
- # Simple example: Copy file to nginx config
- # cp "${OCSPFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
- # systemctl reload nginx
- {{ item.deploy_ocsp_hook|default("") }}
-}
-
-
-unchanged_cert() {
- local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
-
- # This hook is called once for each certificate that is still
- # valid and therefore wasn't reissued.
- #
- # Parameters:
- # - DOMAIN
- # The primary domain name, i.e. the certificate common
- # name (CN).
- # - KEYFILE
- # The path of the file containing the private key.
- # - CERTFILE
- # The path of the file containing the signed certificate.
- # - FULLCHAINFILE
- # The path of the file containing the full certificate chain.
- # - CHAINFILE
- # The path of the file containing the intermediate certificate(s).
- {{ item.unchanged_cert_hook|default("") }}
-}
-
-invalid_challenge() {
- local DOMAIN="${1}" RESPONSE="${2}"
-
- # This hook is called if the challenge response has failed, so domain
- # owners can be aware and act accordingly.
- #
- # Parameters:
- # - DOMAIN
- # The primary domain name, i.e. the certificate common
- # name (CN).
- # - RESPONSE
- # The response that the verification server returned
-
- # Simple example: Send mail to root
- # printf "Subject: Validation of ${DOMAIN} failed!\n\nOh noez!" | sendmail root
- {{ item.invalid_challenge_hook|default("") }}
-}
-
-request_failure() {
- local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" HEADERS="${4}"
-
- # This hook is called when an HTTP request fails (e.g., when the ACME
- # server is busy, returns an error, etc). It will be called upon any
- # response code that does not start with '2'. Useful to alert admins
- # about problems with requests.
- #
- # Parameters:
- # - STATUSCODE
- # The HTML status code that originated the error.
- # - REASON
- # The specified reason for the error.
- # - REQTYPE
- # The kind of request that was made (GET, POST...)
- # - HEADERS
- # HTTP headers returned by the CA
-
- # Simple example: Send mail to root
- # printf "Subject: HTTP request failed failed!\n\nA http request failed with status ${STATUSCODE}!" | sendmail root
- {{ item.request_failure_hook|default("") }}
-}
-
-generate_csr() {
- local DOMAIN="${1}" CERTDIR="${2}" ALTNAMES="${3}"
-
- # This hook is called before any certificate signing operation takes place.
- # It can be used to generate or fetch a certificate signing request with external
- # tools.
- # The output should be just the certificate signing request formatted as PEM.
- #
- # Parameters:
- # - DOMAIN
- # The primary domain as specified in domains.txt. This does not need to
- # match with the domains in the CSR, it's basically just the directory name.
- # - CERTDIR
- # Certificate output directory for this particular certificate. Can be used
- # for storing additional files.
- # - ALTNAMES
- # All domain names for the current certificate as specified in domains.txt.
- # Again, this doesn't need to match with the CSR, it's just there for convenience.
-
- # Simple example: Look for pre-generated CSRs
- # if [ -e "${CERTDIR}/pre-generated.csr" ]; then
- # cat "${CERTDIR}/pre-generated.csr"
- # fi
- {{ item.startup_hook|default("") }}
-
-}
-
-startup_hook() {
- # This hook is called before the cron command to do some initial tasks
- # (e.g. starting a webserver).
- {{ item.startup_hook|default("") }}
- :
-}
-
-exit_hook() {
- local ERROR="${1:-}"
- # This hook is called at the end of the cron command and can be used to
- # do some final (cleanup or other) tasks.
- #
- # Parameters:
- # - ERROR
- # Contains error message if dehydrated exits with error
- {{ item.exit_hook|default("") }}
-}
-
-HANDLER="$1"; shift
-if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
- "$HANDLER" "$@"
-fi
\ No newline at end of file