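# vim:syntax=yaml
---
{%- from "acme/map.jinja" import acme with context %}

# Salt state: install acme.sh for root, keep it upgraded, create the
# configured directories and DH parameters, then issue a certificate
# through the OVH DNS API. All settings come from the acme mapping
# imported from acme/map.jinja.

# Install acme.sh into /root/.acme.sh; skipped once the script exists.
# NOTE(review): the installer is fetched over the network and piped
# straight into a root shell with no integrity check, so whatever the
# URL serves at run time executes as root. Prefer fetching a pinned,
# reviewed release and verifying it before execution, e.g. file.managed
# with source_hash set to the digest of the reviewed installer
# (placeholder: SHA256_OF_REVIEWED_INSTALLER), then running that file.
acme-install:
  cmd.run:
    - name: "curl https://get.acme.sh | sh"
    - runas: root
    - cwd: /root
    - env:
      - HOME: /root
    - unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"

# Run the acme.sh self-upgrade.
# NOTE(review): there is no unless/onlyif/onchanges guard, so this runs
# on every application of the state and replaces code that later runs
# as root with whatever upstream currently publishes. Confirm this is
# intended; a pinned version would make runs reproducible.
acme-upgrade:
  cmd.run:
    - name: /root/.acme.sh/acme.sh --upgrade
    - runas: root
    - cwd: /root
    - env:
      - HOME: /root
    - require:
      - cmd: acme-install

# One file.directory state per configured directory. The templated
# value is quoted so the rendered YAML always yields a string.
{%- for dir in acme.directories %}
acme-directories-{{ dir }}:
  file.directory:
    - name: '{{ dir }}'
    - makedirs: true
{%- endfor %}

# Generate Diffie-Hellman parameters once; "creates" skips the command
# when the file already exists. Arguments are shell-quoted like the
# path arguments of acme-certs.
# NOTE(review): no require on the directory states above; assumes the
# parent directory of the DH file already exists - TODO confirm.
acme-dh-params:
  cmd.run:
    - name: openssl dhparam -out '{{ acme.dh.path }}' '{{ acme.dh.keysize }}'
    - creates: '{{ acme.dh.path }}'

# Issue the certificate for every configured domain via the dns_ovh
# hook. The OVH API credentials reach acme.sh through the environment.
# NOTE(review): --debug makes acme.sh verbose and Salt keeps command
#   output in the state return; confirm no credential material ends up
#   in job returns or logs (consider hide_output, or dropping --debug
#   once issuance is stable).
# NOTE(review): success_retcodes accepts 1 and 2 as success. acme.sh is
#   understood to use 2 for "skipped, not due" - confirm; 1 looks like
#   a generic failure and may hide a failed issuance.
# NOTE(review): --cert-file is passed an empty string; confirm that is
#   intended.
# NOTE(review): values are wrapped in single quotes only; a value that
#   itself contains a single quote would end the quoting. Presumably
#   the mapping is trusted configuration - verify.
acme-certs:
  cmd.run:
    - name: /root/.acme.sh/acme.sh --debug --issue
        {%- for dom in acme.domains %} -d '{{ dom }}' {% endfor -%}
        --dns dns_ovh
        --cert-file ''
        --key-file '{{ acme.keyfile }}'
        --fullchain-file '{{ acme.fullchainfile }}'
        -k '{{ acme.keysize }}'
    - env:
      - OVH_AK: '{{ acme.provider.api.application_key }}'
      - OVH_AS: '{{ acme.provider.api.application_secret }}'
      - OVH_CK: '{{ acme.provider.api.consumer_key }}'
      - HOME: '/root'
    - success_retcodes:
      - 0
      - 1
      - 2
    - runas: root
    - cwd: /root
    - require:
      - cmd: acme-install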