From f068684a76411a3d69ad1ec1f432ef6c0a3ef1ff Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 16 May 2017 10:30:17 +0200 Subject: [PATCH 1/5] evoacme: add squid whitelist for ocsp server --- evoacme/handlers/main.yml | 5 +++++ evoacme/tasks/certbot.yml | 22 ++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml index 03538de9..c619715c 100644 --- a/evoacme/handlers/main.yml +++ b/evoacme/handlers/main.yml @@ -13,3 +13,8 @@ - name: apt update apt: update_cache: yes + +- name: reload squid3 + service: + name: squid3 + state: reloaded diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 6b978604..5fb29c3c 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -53,3 +53,25 @@ src: certbot.cron dest: /etc/cron.daily/certbot mode: "0755" + +- name: Is Squid installed? + command: "command -v squid3" + failed_when: false + changed_when: false + check_mode: no + register: is_squid3_installed + +- name: Find squid3 config whitelist + shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null + failed_when: false + changed_when: false + check_mode: no + register: squid3_whitelist_files + +- name: Let's Encrypt OCSP server is authorized by squid + lineinfile: + dest: "{{ squid3_whitelist_files.stdout_lines | first }}" + line: "http://ocsp.int-x3.letsencrypt.org/.*" + state: present + notify: reload squid3 + when: is_squid3_installed.rc == 0 and squid3_whitelist_files.stdout != "" From 82b2ab1a67764625d61648cb9f46eb61025a1400 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 16 May 2017 15:04:02 +0200 Subject: [PATCH 2/5] evoacme: relative path to external roles --- evoacme/tasks/certbot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 5fb29c3c..0e41ab7d 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml 
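Review bot: The new `reload squid3` handler hard-codes the jessie-era service name, and the same `squid3` literal is repeated in the task file (`find /etc/squid3/...`, `command -v squid3`); on a host where the package and unit are called `squid` the notified handler errors out and fails the play rather than doing nothing. A single role variable would keep the three spots in sync, e.g. `name: "{{ evoacme_squid_service | default('squid3') }}"` here and the same default in the config paths. The `apt update` handler above it is context, not part of this change.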
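Review bot: The whitelist entry written by the `lineinfile` task, `http://ocsp.int-x3.letsencrypt.org/.*`, is shaped like a regex (trailing `.*`) but is neither anchored nor dot-escaped, so if the whitelist file is loaded as a squid `url_regex` ACL — which the `.*` suggests — it also admits any URL that merely contains that substring (`http://attacker.example/http://ocsp.int-x3.letsencrypt.org/`) and hosts such as `ocsp.int-x3-letsencrypt.org`, which defeats the point of an egress whitelist. A tighter line is `line: '^http://ocsp\.int-x3\.letsencrypt\.org/'` (single quotes so the backslashes survive YAML). The host is also pinned to the X3 intermediate; exposing it as a role variable, `evoacme_ocsp_url_regex`, lets it follow the next intermediate without editing the task. Note that `lineinfile` has no `regexp:`, so a later change of the line adds a second entry instead of replacing the old one.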
@@ -3,7 +3,7 @@ - block: - name: install jessie-backports include_role: - name: "{{ roles }}/apt-repositories" + name: apt-repositories vars: apt_repositories_install_backports: True From d4036df165c2dbb79aedbaadee6ac04b0dc20bde Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 16 May 2017 15:04:24 +0200 Subject: [PATCH 3/5] evoacme: simplify squid whitelist management --- evoacme/tasks/certbot.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 0e41ab7d..dbb40f1b 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -54,13 +54,6 @@ dest: /etc/cron.daily/certbot mode: "0755" -- name: Is Squid installed? - command: "command -v squid3" - failed_when: false - changed_when: false - check_mode: no - register: is_squid3_installed - - name: Find squid3 config whitelist shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null failed_when: false @@ -74,4 +67,4 @@ line: "http://ocsp.int-x3.letsencrypt.org/.*" state: present notify: reload squid3 - when: is_squid3_installed.rc == 0 and squid3_whitelist_files.stdout != "" + when: squid3_whitelist_files.stdout != "" From d6c6674cdca2b01d0c299d0b69d336ced132bb92 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 16 May 2017 15:05:43 +0200 Subject: [PATCH 4/5] evoacme: add a vagrant test playbook --- evoacme/tests/Vagrantfile | 30 ++++++++++++++++++++++++++++++ evoacme/tests/vagrant.yml | 9 +++++++++ 2 files changed, 39 insertions(+) create mode 100644 evoacme/tests/Vagrantfile create mode 100644 evoacme/tests/vagrant.yml diff --git a/evoacme/tests/Vagrantfile b/evoacme/tests/Vagrantfile new file mode 100644 index 00000000..f632c5ed --- /dev/null +++ b/evoacme/tests/Vagrantfile 
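Review bot: `name: apt-repositories` now depends on the role being discoverable through `roles_path` (or a `roles/` directory beside the playbook) instead of the explicit `{{ roles }}` prefix, and nothing in this series adds an `ansible.cfg`, so a playbook outside that layout fails at this line with a role-not-found error. If that is the intended contract, a comment above the task, `# resolved via roles_path; export ANSIBLE_ROLES_PATH when running from another directory`, saves the next person the surprise. The enclosing `block` appears to continue past the end of the hunk.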
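Review bot: With the binary check gone, the `when:` on the last line fires on the mere presence of `/etc/squid3/whitelist*.conf`, and the notified `reload squid3` handler then fails the play on a host where the config directory outlived a non-purging `apt-get remove` of the package (Debian keeps conffiles on remove). The dropped task was very likely broken rather than redundant: `command` is a shell builtin with no `/usr/bin/command` on stock Debian, so under the `command` module — which does not spawn a shell — it would always have exited non-zero and the whitelist task never ran. A `stat` of the binary gives the same gate without a shell; the file check stays as it is.
```yaml
- name: Is Squid installed?
  stat:
    path: /usr/sbin/squid3
  check_mode: no
  register: squid3_bin

# … unchanged: Find squid3 config whitelist task …

- name: Let's Encrypt OCSP server is authorized by squid
  # … unchanged: lineinfile arguments and notify …
  when: squid3_bin.stat.exists and squid3_whitelist_files.stdout != ""
```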
@@ -0,0 +1,30 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.box = "debian/jessie64" + + config.vm.synced_folder "./vagrant_share/", "/vagrant", disabled: true + + config.vm.provider :virtualbox do |v| + v.memory = 2048 + v.cpus = 2 + v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] + v.customize ["modifyvm", :id, "--ioapic", "on"] + end + + # Master + config.vm.define :default do |default| + default.vm.hostname = "default" + default.vm.provision :ansible, run: "always" do |ansible| + ansible.limit = "default" + ansible.playbook = "vagrant.yml" + # ansible.tags = "mysql" + # ansible.raw_arguments = ["-b", "--ask-vault-pass"] + ansible.raw_arguments = ["-vv"] + end + end + +end diff --git a/evoacme/tests/vagrant.yml b/evoacme/tests/vagrant.yml new file mode 100644 index 00000000..9eb9077d --- /dev/null +++ b/evoacme/tests/vagrant.yml @@ -0,0 +1,9 @@ +- hosts: default + gather_facts: yes + become: yes + + roles: + # - squid + - evoacme + +# vim:ft=ansible From 2f773e0ab5f82980570bf79757f208470009e0c3 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 16 May 2017 15:05:51 +0200 Subject: [PATCH 5/5] gitignore: vagrant folders --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d5649d75..13f2924c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .kitchen/ +.vagrant/
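Review bot: The provisioner block carries template leftovers that have nothing to do with this role — `# ansible.tags = "mysql"`, `# ansible.raw_arguments = ["-b", "--ask-vault-pass"]` and the `# Master` heading — and a reader will take them as hints about how evoacme is meant to be tested. Replace them with one line stating what the box is for, `# Single jessie box, re-provisioned from vagrant.yml on every up/provision (run: always)`. `run: "always"` together with `-vv` is reasonable for role development but does mean every `vagrant up` re-runs the playbook, which is worth that comment.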
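Review bot: The playbook leaves the `squid` role commented out, so the one code path this series adds — the squid whitelist tasks and the `reload squid3` handler — is never exercised by the test box; either enable it or say why it is off, e.g. `# - squid  # enable to exercise the OCSP whitelist tasks in tasks/certbot.yml`. Role resolution is also unconfigured: the playbook lives in `evoacme/tests/`, so as far as the series shows `evoacme` (two directories up) and `apt-repositories` are only found if `ANSIBLE_ROLES_PATH` points at the repository root, which nothing documents. Minor: `gather_facts: yes` / `become: yes` are YAML 1.1 truthy forms; `true` is what yamllint accepts by default.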