ansible-roles/evoacme/tasks/acme.yml


---
# Make sure the "acme" group exists before the account that uses it.
- name: "Create acme group"
  group:
    state: present
    name: acme
# System account "acme" in group "acme": /bin/false as shell, home set to
# the directory named by evoacme_acme_dir, and no home directory created
# by this task.
- name: "Create acme user"
  user:
    state: present
    name: acme
    group: acme
    system: true
    shell: /bin/false
    home: "{{ evoacme_acme_dir }}"
    createhome: false
# Ensure the directory named by evoacme_crt_dir exists, owned by
# acme:acme with mode 0755 (readable and traversable by every local user).
- name: "Fix crt dir's right"
  file:
    state: directory
    path: "{{ evoacme_crt_dir }}"
    owner: acme
    group: acme
    mode: "0755"
# Ensure the hooks directory exists and is reachable by acme only (0700).
# NOTE(review): the directory is owned by acme, so acme can add, rename
# or replace files in it. Confirm that hooks stored here are never
# executed with more privilege than the acme account itself.
- name: "Fix hooks directory permissions"
  file:
    state: directory
    path: "{{ evoacme_hooks_dir }}"
    owner: acme
    group: acme
    mode: "0700"
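# Look for an existing reload_apache hook (with or without an extension)
# anywhere under the hooks directory. The lookup is read-only, so it is
# allowed to run in check mode and never reports a change.
- name: "Search for reload_apache hook"
  # Folded block scalar on purpose: inside a double-quoted YAML string
  # "\(" is not a valid escape sequence and the file fails to parse.
  # The directory is passed through "quote" so a path containing spaces
  # stays a single argument.
  command: >-
    find {{ evoacme_hooks_dir | quote }} -type f
    \( -name 'reload_apache' -o -name 'reload_apache.*' \)
  check_mode: false
  changed_when: false
  register: find_apache_hook

# Install the bundled hook only when the search above printed nothing.
# NOTE(review): dest adds a "hooks/" component below evoacme_hooks_dir,
# while the search and the directory task use evoacme_hooks_dir itself;
# no task visible here creates that sub-directory - confirm the path.
# NOTE(review): no owner/group is set, so the file takes the ownership of
# the account running the play; confirm that the account which executes
# hooks can still read it with mode 0750.
- name: "Copy reload_apache hook if missing"
  copy:
    src: "hooks/reload_apache"
    dest: "{{ evoacme_hooks_dir }}/hooks/reload_apache"
    mode: "0750"
  when: find_apache_hook.stdout == ""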
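# Look for an existing reload_nginx hook (with or without an extension)
# anywhere under the hooks directory. The lookup is read-only, so it is
# allowed to run in check mode and never reports a change.
- name: "Search for reload_nginx hook"
  # Folded block scalar on purpose: inside a double-quoted YAML string
  # "\(" is not a valid escape sequence and the file fails to parse.
  # The directory is passed through "quote" so a path containing spaces
  # stays a single argument.
  command: >-
    find {{ evoacme_hooks_dir | quote }} -type f
    \( -name 'reload_nginx' -o -name 'reload_nginx.*' \)
  check_mode: false
  changed_when: false
  register: find_nginx_hook

# Install the bundled hook only when the search above printed nothing.
# NOTE(review): dest adds a "hooks/" component below evoacme_hooks_dir,
# while the search and the directory task use evoacme_hooks_dir itself;
# no task visible here creates that sub-directory - confirm the path.
# NOTE(review): no owner/group is set, so the file takes the ownership of
# the account running the play; confirm that the account which executes
# hooks can still read it with mode 0750.
- name: "Copy reload_nginx hook if missing"
  copy:
    src: "hooks/reload_nginx"
    dest: "{{ evoacme_hooks_dir }}/hooks/reload_nginx"
    mode: "0750"
  when: find_nginx_hook.stdout == ""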
# Ensure the directory named by evoacme_log_dir exists, owned by
# acme:acme with mode 0755.
- name: "Fix log dir's right"
  file:
    state: directory
    path: "{{ evoacme_log_dir }}"
    owner: acme
    group: acme
    mode: "0755"
# Ensure the directory named by evoacme_acme_dir (also the acme account's
# home) exists, owned by acme:acme with mode 0755.
- name: "Fix challenge dir's right"
  file:
    state: directory
    path: "{{ evoacme_acme_dir }}"
    owner: acme
    group: acme
    mode: "0755"
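# Record whether /etc/aliases exists, so that the alias task below is
# skipped on hosts that have no such file.
- name: "Is /etc/aliases present?"
  stat:
    path: /etc/aliases
  register: etc_aliases

# Route mail for the acme account to root.
# The regexp is anchored at the start of the line: an unanchored 'acme:'
# also matches any other alias whose name merely ends in "acme" (or a
# line that contains "acme:" further right), and lineinfile would then
# overwrite that unrelated entry.
# The "newaliases" handler is expected to be defined elsewhere in the
# role; it is not visible in this file.
- name: "Set acme aliases"
  lineinfile:
    dest: /etc/aliases
    regexp: '^acme:'
    line: 'acme: root'
    state: present
  when: etc_aliases.stat.exists
  notify: "newaliases"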