Create standalone mode

README.md

@@ -5,7 +5,9 @@
 
 Install and configure the `acmetool` LE client.
 
-Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday...
+We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too.
+
+The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that.
 
 
  Variables
@@ -21,13 +23,23 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
 * ``acme_restart_services:`` (Default: ``[]``):
   Services that need a restart by certificat change
 
+* ``acme_domain_want_list:`` (Default: ``[]``):
+  A list of domain you want to enable. Example:
+```yml
+acme_restart_services:
+  - name: 'www.example.com'
+```
+
+* ``acme_domain_unwant_list:`` (Default: ``[]``):
+  Disable a enabled domain. Same syntax than ``acme_domain_want_list``.
+
 * ``submodules_versioncheck:`` (Default: ``false``):
   Enable basic versionscheck. *(``true`` is recomended)*
 
 
  Files
 -------
-* We search the ``response-file.yml.j2`` using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
+* We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
 ```yaml
   files:
     - "response-file.{{ inventory_hostname }}.yml.j2"
@@ -41,7 +53,7 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
 ```
 This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
 
-* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
+* We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
 
 * We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
 

defaults/main.yml

@@ -5,6 +5,13 @@ acme_notification_email: 'root@example.org'
 acme_reload_services: []
 acme_restart_services: []
 
+acme_domain_want_list: []
+# - name: 'example.com'
+# - name: 'www.example.com'
+
+acme_domain_unwant_list: []
+# - name: 'old.example.com'
+
 # configure acmetool systemd service
 acme_systemd_start_after: 'apache2.service nginx.service'
 

tasks/main.yml

@@ -17,3 +17,9 @@
 
 - name: Reload systemd and enable acmetool timer unit
   ansible.builtin.include_tasks: timer.yml
+
+- name: optionally want domains
+  ansible.builtin.include_tasks: want_domains.yml
+
+- name: optionally unwant domains
+  ansible.builtin.include_tasks: unwant_domains.yml

tasks/unwant_domains.yml

@@ -0,0 +1,7 @@
+---
+- name: disable acmetool for acme_domain_unwant_list domains
+  become: true
+  ansible.builtin.command: "acmetool unwant {{ _domain.name }}"
+  with_items: "{{ acme_domain_unwant_list }}"
+  loop_control:
+    loop_var: _domain

tasks/want_domains.yml

@@ -0,0 +1,9 @@
+---
+- name: enable acmetool for acme_domain_list domains
+  become: true
+  ansible.builtin.command: "acmetool want {{ _domain.name }}"
+  args:
+    creates: "/var/lib/acme/live/{{ _domain.name }}"
+      with_items: "{{ acme_domain_want_list }}"
+  loop_control:
+    loop_var: _domain

vars/main.yml

@@ -33,5 +33,5 @@ acmetool__restart_hook:
     - 'files'
 
 # versionscheck
-playbook_version_number: 28   # should be a integer
+playbook_version_number: 29   # should be a integer
 playbook_version_path: 'do1jlr.role-acmetool.version'