From fd412b529a59e1f3981eb18d54b7472e1cca2a20 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 28 Dec 2015 14:40:05 +0100
Subject: Only install letsencrypt-tiny to the relevant hosts.

---
 common.yml                     |  6 +++++-
 roles/common/handlers/main.yml |  3 ---
 roles/common/tasks/main.yml    | 26 --------------------------
 3 files changed, 5 insertions(+), 30 deletions(-)

diff --git a/common.yml b/common.yml
index d689e04..cdf4372 100644
--- a/common.yml
+++ b/common.yml
@@ -16,11 +16,15 @@
   hosts: IMAP:MX:MSA:webmail:lists:wiki:git
   gather_facts: False
   tasks:
+    - name: Install dependencies for letsencrypt-tiny
+      apt: pkg={{ item }}
+      with_items:
+        - liblwp-protocol-https-perl
+        - socat
     - name: Copy LetsEncrypt's ACME client
       copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
             dest=/tmp
       notify: Install LetsEncrypt's ACME client
-       - genkey
     - name: Create a user 'letsencrypt'
       user: name=letsencrypt system=yes
             group=nogroup
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index a852c4d..47e3db8 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -44,9 +44,6 @@
 - name: Restart bacula-fd
   service: name=bacula-fd state=restarted
 
-- name: Update certificate
-  command: update-ca-certificates
-
 - name: Restart munin-node
   service: name=munin-node state=restarted
 
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 955493a..3b95c92 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -45,29 +45,3 @@
     - rsync
     - screen
     - telnet-ssl
-    # for letencrypt
-    - liblwp-protocol-https-perl
-    - socat
-
-# XXX: this is a workaround the CAcert root CAs not being present in
-# Jessie.  In stretch, we would merely install the 'ca-cacert' package.
-- name: Create directory /usr/local/share/ca-certificates/CAcert
-  file: path=/usr/local/share/ca-certificates/CAcert
-        state=directory
-        owner=root group=root
-        mode=0755
-  tags:
-    - certs
-
-- name: Copy CAcert root CAs
-  copy: src=certs/CAcert/{{ item }}
-        dest=/usr/local/share/ca-certificates/CAcert/{{ item }}
-        owner=root group=root
-        mode=0644
-  with_items:
-    - root.crt
-    - class3.crt
-  tags:
-    - certs
-  notify:
-    - Update certificate
-- 
cgit v1.2.3