From 431a3d250cc9dcc4ddebdaa19578909fd9a69ceb Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Thu, 17 Sep 2020 19:00:08 +0200
Subject: [PATCH] Update to 2020-09-17 19:00

---
 roles/letsencrypt/defaults/main.yml | 32 ++++++++++++++++++++++++++++++++
 roles/letsencrypt/tasks/main.yml    | 15 ++++++++++++++-
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml
index eae8518..416ca50 100644
--- a/roles/letsencrypt/defaults/main.yml
+++ b/roles/letsencrypt/defaults/main.yml
@@ -25,4 +25,36 @@ letsencrypt_challenge: http
 #     alt_names:
 #       - directory.domain.com
 
+letsencrypt_base_hooks:
+  clean_challenge: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  deploy_cert: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  deploy_challenge: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  exit_hook: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  generate_csr: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  invalid_challenge: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  request_failure: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  startup_hook: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+  unchanged_cert: |
+    #!/bin/bash -e
+    # Managed by ansible, manual modifications will be lost
+
+letsencrypt_extra_hooks: {}
+letsencrypt_hooks: "{{ letsencrypt_base_hooks | combine(letsencrypt_extra_hooks, recursive=True) }}"
+
 ...
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index d8c3d6f..557f7ea 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -45,7 +45,20 @@
 
 - name: Create hook directories
   file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory
-  with_items:
+  loop:
+    - clean_challenge
+    - deploy_cert
+    - deploy_challenge
+    - unchanged_cert
+    - invalid_challenge
+    - request_failure
+    - generate_csr
+    - startup_hook
+    - exit_hook
+
+- name: Deploy default hooks
+  copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755
+  loop:
     - clean_challenge
     - deploy_cert
     - deploy_challenge