From 4707eb6aee12f14f1e6d85ccb31e26de32623ac8 Mon Sep 17 00:00:00 2001
From: Blallo
Date: Sun, 11 Apr 2021 18:03:17 +0200
Subject: [PATCH] Init
---
handlers/main.yml | 5 ++++
tasks/main.yml | 60 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+)
create mode 100644 handlers/main.yml
create mode 100644 tasks/main.yml
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..c2d31bd
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart quasselcore
+ systemd:
+ name: quasselcore.service
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..44e53dd
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+- fail:
+ msg: Missing quasselcore_cert_email
+ when: not quasselcore_cert_email
+ tags: all
+
+- fail:
+ msg: Missing quasselcore_cert_domain
+ when: not quasselcore_cert_domain
+ tags: all
+
+- name: Ensure quassel-core is present
+ tags: all
+ apt:
+ name:
+ - quassel-core
+ - certbot
+ state: present
+
+- name: Check if certificate already exists.
+ tags: all
+ stat:
+ path: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/cert.pem
+ register: letsencrypt_cert
+
+- name: Create the certificates
+ tags: all
+ command: "certbot certonly --standalone --noninteractive --agree-tos --email {{ quasselcore_cert_email }} -d {{ quasselcore_cert_domain }}"
+ when: not letsencrypt_cert.stat.exists
+
+- name: Renew certificates
+ tags: renew
+ command: "certbot renew"
+ when: letsencrypt_cert.stat.exists
+ register: renewed
+
+- name: Compose the certs
+ tags: all
+ block:
+ - name: Remove the old cert
+ file:
+ path: /var/lib/quassel/quasselCert.pem
+ state: absent
+ - name: Assemble the files
+ assemble:
+ src: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/
+ dest: /var/lib/quassel/quasselCert.pem
+ regexp: "^(fullchain|privkey).pem$"
+ owner: quasselcore
+ group: quassel
+ mode: 0640
+ remote_src: yes
+ when: not letsencrypt_cert.stat.exists or renewed is defined and renewed.changed
+
+- name: Ensure the service is enabled and started
+ tags: all
+ systemd:
+ name: quasselcore.service
+ state: started
+ enabled: yes
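Review bot: Nothing in tasks/main.yml notifies the `restart quasselcore` handler that this commit adds in handlers/main.yml, so after the `Assemble the files` task rewrites /var/lib/quassel/quasselCert.pem the running core presumably keeps serving the previous certificate until it is restarted by hand; add `notify: restart quasselcore` to that task. The `Renew certificates` task runs `certbot renew` through `command` with no `changed_when`, so `renewed.changed` is true on every run that executes it and the compose block's `when` cannot tell a real renewal from a no-op; key a `changed_when` on certbot's output. The `Remove the old cert` step is also unnecessary, since `assemble` overwrites `dest`, and deleting first leaves the service with no certificate file if assembly fails. Finally, quote the mode as `mode: "0640"` so the permission on a file that contains the private key does not depend on how the YAML loader types the scalar.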