From 18b991db035b0609d57755d01b02a13da25851bf Mon Sep 17 00:00:00 2001 From: exploide Date: Thu, 18 Jan 2018 17:06:07 +0100 Subject: [PATCH] added a role variable to set global certbot options in configuration file --- README.md | 8 ++++++-- defaults/main.yml | 3 +++ tasks/config-file.yml | 10 ++++++++++ tasks/main.yml | 2 ++ templates/cli.ini.j2 | 5 +++++ 5 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 tasks/config-file.yml create mode 100644 templates/cli.ini.j2 diff --git a/README.md b/README.md index 5491e28..21241c4 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ Generally, installing from source (see section `Source Installation from Git`) l The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`. +The variable `certbot_config_file_options` defaults to an empty dictionary but can be used to configure global options for Certbot, which will go into `/etc/letsencrypt/cli.ini`. + certbot_auto_renew: true certbot_auto_renew_user: "{{ ansible_user }}" certbot_auto_renew_hour: 3 @@ -82,12 +84,14 @@ None. ## Example Playbook - hosts: servers - + vars: + certbot_config_file_options: + rsa-key-size: 4096 certbot_auto_renew_user: your_username_here certbot_auto_renew_minute: 20 certbot_auto_renew_hour: 5 - + roles: - geerlingguy.certbot diff --git a/defaults/main.yml b/defaults/main.yml index 2e79029..610b71f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,7 @@ --- +# Global options for configuration file +certbot_config_file_options: {} + # Certbot auto-renew cron job configuration (for certificate renewals). certbot_auto_renew: true certbot_auto_renew_user: "{{ ansible_user }}" diff --git a/tasks/config-file.yml b/tasks/config-file.yml new file mode 100644 index 0000000..fd20c18 --- /dev/null +++ b/tasks/config-file.yml 
@@ -0,0 +1,10 @@ +--- +- name: Ensure configuration directory is present. + file: + path: /etc/letsencrypt + state: directory + +- name: Install Certbot configuration file. + template: + src: cli.ini.j2 + dest: /etc/letsencrypt/cli.ini diff --git a/tasks/main.yml b/tasks/main.yml index 680aeda..75d83ba 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -7,6 +7,8 @@ - import_tasks: install-from-source.yml when: certbot_install_from_source +- import_tasks: config-file.yml + - include_tasks: create-cert-standalone.yml with_items: "{{ certbot_certs }}" when: diff --git a/templates/cli.ini.j2 b/templates/cli.ini.j2 new file mode 100644 index 0000000..cf484e5 --- /dev/null +++ b/templates/cli.ini.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% for key, value in certbot_config_file_options.items() %} +{{ key }} = {{ value }} +{% endfor %}
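Review bot: Neither task in tasks/config-file.yml sets `owner`, `group` or `mode`, so `/etc/letsencrypt` and `/etc/letsencrypt/cli.ini` end up with whatever the executing user and umask produce. Certbot reads every option in this file on each run, including the hook commands it executes itself, so the file should be writable by root only. Add `owner: root`, `group: root` and `mode: "0644"` to the template task, and the same owner and group to the directory task. If the file may ever carry sensitive values, `mode: "0600"` is the safer default.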
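Review bot: The added `- import_tasks: config-file.yml` in tasks/main.yml has no `when:`, so the template task runs on every host, even while `certbot_config_file_options` is still the default `{}` from defaults/main.yml. In that case an existing `/etc/letsencrypt/cli.ini` is replaced by a file that holds only the managed-by header, and hand-maintained options on already provisioned hosts are silently lost. Guard the import with `when: certbot_config_file_options | length > 0`, or at least set `backup: true` on the template task so the previous file is kept.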