From cffa318bea3b759e9fb407d9e98729387cfee996 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 13 Feb 2019 14:05:27 +0100
Subject: [PATCH] Remove acme.sh client

---
roles/acme/defaults/main.yml | 16 -----
roles/acme/files/reload.sh | 5 --
roles/acme/tasks/main.yml | 92 -------------------------
roles/acme/templates/acme.sh.request.j2 | 22 ------
roles/acme/templates/nsupdate.key.j2 | 4 --
site.yml | 1 -
6 files changed, 140 deletions(-)
delete mode 100644 roles/acme/defaults/main.yml
delete mode 100755 roles/acme/files/reload.sh
delete mode 100644 roles/acme/tasks/main.yml
delete mode 100644 roles/acme/templates/acme.sh.request.j2
delete mode 100644 roles/acme/templates/nsupdate.key.j2

diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml
deleted file mode 100644
index daf80dd..0000000
--- a/roles/acme/defaults/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-acme_home: "/opt/acme"
-acme_staging: False
-
-acme_nsupdate_key: "/opt/acme/nsupdate.key"
-acme_nsupdate_keyalgo: "hmac-sha512"
-acme_nsupdate_server: "neon.binary-kitchen.net"
-
-acme_sh_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh"
-acme_dns_nsupdate_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/dnsapi/dns_nsupdate.sh"
-
-acme_reloadcmd: "/etc/ssl/private/reload.sh"
-acme_key: "/etc/ssl/private/host.key"
-acme_cert: "/etc/ssl/private/host.cert"
-acme_ca: "/etc/ssl/private/host.ca"
-acme_fullchain: "/etc/ssl/private/host.fullchain"
diff --git a/roles/acme/files/reload.sh b/roles/acme/files/reload.sh
deleted file mode 100755
index dd0b836..0000000
--- a/roles/acme/files/reload.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-[ -d '/etc/reload.d' ] && for x in "/etc/reload.d/"*; do
- [ -e "$x" ] && "$x"
-done
-exit 0
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
deleted file mode 100644
index bd5df7f..0000000
--- a/roles/acme/tasks/main.yml
+++ /dev/null
@@ -1,92 +0,0 @@
----
-- name: Create acme home directory
- file:
- path: "{{ acme_home }}"
- state: "directory"
-
-- name: Get nsupdate.key
- shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_nsupdate_keyalgo }}'"
- register: "pdns_nsupdate_key"
- failed_when: "False"
- changed_when: "False"
- delegate_to: "{{ acme_nsupdate_server }}"
-
-- name: Update updatepolicy.aliases
- lineinfile:
- path: "/etc/powerdns/updatepolicy.aliases"
- line: 'alias["{{ inventory_hostname }}."] = {}'
- delegate_to: "{{ acme_nsupdate_server }}"
-
-- name: Update updatepolicy.aliases
- lineinfile:
- path: "/etc/powerdns/updatepolicy.aliases"
- line: 'alias["{{ inventory_hostname }}."]["{{ item }}."] = "{{ item }}."'
- loop: "{{ acme_san_domains }}"
- delegate_to: "{{ acme_nsupdate_server }}"
-
-- name: Generate nsupdate.key
- shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_nsupdate_keyalgo }}'"
- register: "pdns_nsupdate_genkey"
- when: "pdns_nsupdate_key is defined and pdns_nsupdate_key.rc != 0"
- delegate_to: "{{ acme_nsupdate_server }}"
-
-- name: Get nsupdate.key again
- shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_nsupdate_keyalgo }}'"
- register: "pdns_nsupdate_key"
- when: "pdns_nsupdate_genkey is defined"
- changed_when: "False"
- delegate_to: "{{ acme_nsupdate_server }}"
-
-- name: Write nsupdate.key to file
- template:
- src: "nsupdate.key.j2"
- dest: "{{ acme_nsupdate_key }}"
- when: "pdns_nsupdate_key is defined"
-
-- name: Check acme.sh exists
- stat:
- path: "{{ acme_home }}/acme.sh"
- register: "stat_acme_sh"
-
-- name: Fetch acme.sh
- get_url:
- url: "{{ acme_sh_url }}"
- dest: "/tmp/acme.sh"
- mode: "0755"
- register: "fetch_acme_sh"
- when: "not stat_acme_sh.stat.exists"
-
-- name: Install acme.sh
- shell: "./acme.sh --home '{{ acme_home }}' --install"
- args:
- chdir: "/tmp"
- creates: "{{ acme_home }}/acme.sh"
- when: "fetch_acme_sh is defined"
-
-- name: Create acme dnsapi directory
- file:
- path: "{{ acme_home }}/dnsapi"
- state: "directory"
-
-- name: Fetch acme.sh dns_nsupdate
- get_url:
- url: "{{ acme_dns_nsupdate_url }}"
- dest: "{{ acme_home }}/dnsapi/"
- mode: "0755"
-
-- name: Create acme certificate directory
- file:
- path: "{{ acme_home }}/{{ inventory_hostname }}"
- state: "directory"
-
-- name: Copy reload.sh
- copy:
- src: "reload.sh"
- dest: "{{ acme_reloadcmd }}"
- mode: "0755"
-
-- name: Issue certificate
- shell: "{{ lookup('template','acme.sh.request.j2').replace('\n',' ') }}"
- args:
- chdir: "{{ acme_home }}"
- creates: "{{ acme_cert }}"
diff --git a/roles/acme/templates/acme.sh.request.j2 b/roles/acme/templates/acme.sh.request.j2
deleted file mode 100644
index ff05d11..0000000
--- a/roles/acme/templates/acme.sh.request.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-NSUPDATE_KEY="{{ acme_nsupdate_key }}"
-NSUPDATE_SERVER="{{ acme_nsupdate_server }}"
-"{{ acme_home }}/acme.sh"
---home "{{ acme_home }}"
---log
---issue
--k 4096
--d "{{ inventory_hostname }}"
---dns dns_nsupdate
-{% if acme_san_domains is defined %}
-{% for domain in acme_san_domains %}
--d "{{ domain }}"
-{% endfor %}
-{% endif %}
-{% if acme_staging is defined and acme_staging %}
---staging
-{% endif %}
---cert-file "{{ acme_cert }}"
---key-file "{{ acme_key }}"
---ca-file "{{ acme_ca }}"
---fullchain-file "{{ acme_fullchain }}"
---reloadcmd "{{ acme_reloadcmd }}"
diff --git a/roles/acme/templates/nsupdate.key.j2 b/roles/acme/templates/nsupdate.key.j2
deleted file mode 100644
index b1aad71..0000000
--- a/roles/acme/templates/nsupdate.key.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-key acme-{{ inventory_hostname }}. {
- algorithm {{ acme_nsupdate_keyalgo }};
- secret "{{ pdns_nsupdate_key.stdout.split(' ')[2] }}";
-};
diff --git a/site.yml b/site.yml
index fd2420c..05ccfd3 100644
--- a/site.yml
+++ b/site.yml
@@ -32,7 +32,6 @@
 - librenms
 - prometheus
 - racktables
- - acme
 - name: Setup ldap server
 hosts: helium.binary-kitchen.net