authorGuilhem Moulin <guilhem@fripost.org>2021-02-24 12:33:54 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-24 12:33:54 +0100
commit7b23a7434ad050a73cedbeab6feb6ce6deb30015 (patch)
treef037942bde1afdb8340102061f4a58373a7d0c19
parent8712f3daef815d1655dadca0cecf9cd2356fb2b3 (diff)
Rename '_lacme' user to '_lacme-client'.
For a smooth upgrade to Bullseye's lacme 0.8-1.
-rw-r--r--roles/lacme/files/etc/lacme/lacme.conf2
-rw-r--r--roles/lacme/tasks/main.yml6
2 files changed, 4 insertions, 4 deletions
diff --git a/roles/lacme/files/etc/lacme/lacme.conf b/roles/lacme/files/etc/lacme/lacme.conf
index b49c87a..3dc06d1 100644
--- a/roles/lacme/files/etc/lacme/lacme.conf
+++ b/roles/lacme/files/etc/lacme/lacme.conf
@@ -4,41 +4,41 @@
#config-certs = lacme-certs.conf lacme-certs.conf.d/
[client]
# The value of "socket" specifies the path to the lacme-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
# client. lacme(1) aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
#socket =
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
#
-user = _lacme
+user = _lacme-client
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
#
group = nogroup
# Path to the ACME client executable.
#
#command = /usr/lib/lacme/client
# URI of the ACME server's directory. NOTE: Use the staging server
# <https://acme-staging-v02.api.letsencrypt.org/directory> for testing
# as it has relaxed rate-limiting.
#
#server = https://acme-v02.api.letsencrypt.org/directory
# Timeout in seconds after which the client stops polling the ACME
# server and considers the request failed.
#
diff --git a/roles/lacme/tasks/main.yml b/roles/lacme/tasks/main.yml
index 5ae2597..36e534d 100644
--- a/roles/lacme/tasks/main.yml
+++ b/roles/lacme/tasks/main.yml
@@ -1,27 +1,27 @@
- name: Install lacme
apt: pkg={{ packages }} install_recommends=no
vars:
packages:
- liblwp-protocol-https-perl
- lacme
-- name: Create '_lacme' user
- user: name=_lacme system=yes
+- name: Create '_lacme-client' user
+ user: name=_lacme-client system=yes
group=nogroup
createhome=no
home=/nonexistent
shell=/usr/sbin/nologin
- password=!
+ password=*
state=present
- name: Copy lacme/lacme-certs.conf
copy: src=etc/lacme/lacme.conf
dest=/etc/lacme/lacme.conf
owner=root group=root
mode=0644
- name: Copy lacme/lacme-certs.conf
template: src=etc/lacme/lacme-certs.conf.j2
dest=/etc/lacme/lacme-certs.conf
owner=root group=root
mode=0644
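Review bot: The renamed task `Create '_lacme-client' user` adds the new account, but nothing in this hunk retires the old `_lacme` system user, so hosts that were already provisioned keep an unused account in `nogroup` after the upgrade. If nothing on those hosts still runs or owns files as `_lacme` (not visible from this hunk), a follow-up task `- name: Remove legacy '_lacme' user` with `user: name=_lacme state=absent` would clean it up. Any file ownership or ACL that referenced `_lacme` by name also needs a check, since the new account gets a different uid. The change from `password=!` to `password=*` is not explained in the commit message; a short comment above the task stating why `*` is wanted (for instance, to match the value set by the package's own account creation, if that is the reason) would keep a later editor from reverting it.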