evoacme: namespaced variables

evoacme/defaults/main.yml

@@ -1,15 +1,15 @@
 ---
-ssl_key_dir: /etc/ssl/private
-ssl_key_size: 2048
-dhparam_size: 2048
-acme_dir: /var/lib/letsencrypt
-csr_dir: /etc/ssl/requests
-crt_dir: /etc/letsencrypt
-log_dir: /var/log/evoacme
-ssl_minday: 15
-ssl_ct: 'FR'
-ssl_state: 'France'
-ssl_loc: 'Marseille'
-ssl_org: 'Evolix'
-ssl_ou: 'Security'
-ssl_email: 'security@evolix.net'
+evoacme_ssl_key_dir: /etc/ssl/private
+evoacme_ssl_key_size: 2048
+evoacme_dhparam_size: 2048
+evoacme_acme_dir: /var/lib/letsencrypt
+evoacme_csr_dir: /etc/ssl/requests
+evoacme_crt_dir: /etc/letsencrypt
+evoacme_log_dir: /var/log/evoacme
+evoacme_ssl_minday: 15
+evoacme_ssl_ct: 'FR'
+evoacme_ssl_state: 'France'
+evoacme_ssl_loc: 'Marseille'
+evoacme_ssl_org: 'Evolix'
+evoacme_ssl_ou: 'Security'
+evoacme_ssl_email: 'security@evolix.net'

evoacme/tasks/acme.yml

@@ -10,12 +10,12 @@
     group: acme
     state: present
     createhome: no
-    home: "{{ crt_dir }}"
+    home: "{{ evoacme_crt_dir }}"
     shell: /bin/false
 
 - name: Fix crt dir's right
   file:
-    path: "{{ crt_dir }}"
+    path: "{{ evoacme_crt_dir }}"
     mode: 0755
     owner: acme
     group: acme
@@ -23,7 +23,7 @@
 
 - name: Fix log dir's right
   file:
-    path: "{{ log_dir }}"
+    path: "{{ evoacme_log_dir }}"
     mode: 0755
     owner: acme
     group: acme
@@ -31,7 +31,7 @@
 
 - name: Fix challenge dir's right
   file:
-    path: "{{ acme_dir }}"
+    path: "{{ evoacme_acme_dir }}"
     mode: 0755
     owner: acme
     group: acme

evoacme/tasks/certbot.yml

@@ -1,6 +1,7 @@
 ---
 - name: Set certbot release to Debian stable
-  set_fact: release="stable"
+  set_fact:
+    evoacme_certbot_release: stable
   when:
     - ansible_distribution is defined
     - ansible_distribution == "Debian"
@@ -8,8 +9,9 @@
     - ansible_distribution_major_version|int > 8
 
 - name: Set certbot relase to jessie-backports
-  set_fact: release="jessie-backports"
-  when: 
+  set_fact:
+    evoacme_certbot_release: jessie-backports
+  when:
     - ansible_distribution is defined
     - ansible_distribution == "Debian"
     - ansible_distribution_major_version is defined
@@ -21,13 +23,13 @@
       dest: /etc/apt/sources.list
       line: 'deb http://mirror.evolix.org/debian jessie-backports main'
       state: present
-    when: release == "jessie-backports"
+    when: evoacme_certbot_release == "jessie-backports"
 
   - name: Install certbot with apt
     apt:
       name: certbot
       state: latest
-      default_release: "{{release}}"
+      default_release: "{{ evoacme_certbot_release }}"
       update_cache: yes
 
   - name: Mount /usr in rw

evoacme/tasks/conf.yml

@@ -5,7 +5,7 @@
     option: "{{ item.name }}"
     value: "{{ item.var }}"
   with_items:
-     - { name: 'default_bits', var: "{{ ssl_key_size }}" }
+     - { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
      - { name: 'encrypt_key', var: 'yes' }
      - { name: 'distinguished_name', var: 'req_dn' }
      - { name: 'prompt', var: 'no' }
@@ -17,17 +17,17 @@
     option: "{{ item.name }}"
     value: "{{ item.var }}"
   with_items:
-     - { name: 'C', var: "{{ ssl_ct }}" }
-     - { name: 'ST', var: "{{ ssl_state }}" }
-     - { name: 'L', var: "{{ ssl_loc }}" }
-     - { name: 'O', var: "{{ ssl_org }}" }
-     - { name: 'OU', var: "{{ ssl_ou }}" }
-     - { name: 'emailAddress', var: "{{ ssl_email }}" }
+     - { name: 'C', var: "{{ evoacme_ssl_ct }}" }
+     - { name: 'ST', var: "{{ evoacme_ssl_state }}" }
+     - { name: 'L', var: "{{ evoacme_ssl_loc }}" }
+     - { name: 'O', var: "{{ evoacme_ssl_org }}" }
+     - { name: 'OU', var: "{{ evoacme_ssl_ou }}" }
+     - { name: 'emailAddress', var: "{{ evoacme_ssl_email }}" }
 
 - name: Copy new evoacme conf
-  template: 
+  template:
     src: templates/evoacme.conf.j2
-    dest: /etc/default/evoacme 
-    owner: root 
-    group: root 
+    dest: /etc/default/evoacme
+    owner: root
+    group: root
     mode: 0644

evoacme/tasks/dhparam.yml

@@ -1,3 +1,4 @@
 - name: Generate DH paramaters
-  shell: openssl dhparam -rand - {{dhparam_size}} -out /etc/ssl/dhparam.pem
-   creates=/etc/ssl/dhparam.pem
+  command: openssl dhparam -rand - {{ evoacme_dhparam_size }} -out /etc/ssl/dhparam.pem
+  args:
+    creates: /etc/ssl/dhparam.pem

evoacme/tasks/scripts.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create CSR dir
   file:
-    path: "{{ csr_dir }}"
+    path: "{{ evoacme_csr_dir }}"
     state: directory
     owner: root
     group: root

evoacme/templates/apache.conf.j2

@@ -1,6 +1,6 @@
 SetEnvIf Request_URI "/.well-known/acme-challenge/*" no-jk
-Alias /.well-known/acme-challenge {{ acme_dir }}/.well-known/acme-challenge
-<Directory "{{ acme_dir }}/.well-known/acme-challenge">
+Alias /.well-known/acme-challenge {{ evoacme_acme_dir }}/.well-known/acme-challenge
+<Directory "{{ evoacme_acme_dir }}/.well-known/acme-challenge">
     Options -Indexes
     Allow from all
     Require all granted

evoacme/templates/evoacme.conf.j2

@@ -1,8 +1,8 @@
 ### File generated by Ansible ###
 
-SSL_KEY_DIR={{ssl_key_dir}}
-ACME_DIR={{acme_dir}}
-CSR_DIR={{csr_dir}}
-CRT_DIR={{crt_dir}}
-LOG_DIR={{log_dir}}
-SSL_MINDAY={{ssl_minday}}
+SSL_KEY_DIR={{ evoacme_ssl_key_dir }}
+ACME_DIR={{ evoacme_acme_dir }}
+CSR_DIR={{ evoacme_csr_dir }}
+CRT_DIR={{ evoacme_crt_dir }}
+LOG_DIR={{ evoacme_log_dir }}
+SSL_MINDAY={{ evoacme_ssl_minday }}

evoacme/templates/nginx.conf.j2

@@ -1,4 +1,4 @@
 location /.well-known/acme-challenge {
-    alias {{ acme_dir }}/.well-known/acme-challenge;
+    alias {{ evoacme_acme_dir }}/.well-known/acme-challenge;
     try_files $uri =404;
 }