From b9415db0f06aa8d35f285b2e4f55483e6a39b503 Mon Sep 17 00:00:00 2001
From: Niyazi Gokberk Gunduz
Date: Thu, 16 May 2024 10:48:43 +0200
Subject: [PATCH 1/2] Enhance certbot role to support configurable renewal hooks
- Added variables for pre, post, and deploy renewal hooks in defaults/main.yml.
- Created a new task file tasks/setup-hooks.yml to manage the hooks setup.
- Included setup-hooks.yml in tasks/main.yml to ensure hooks are created if specified.
---
 tasks/main.yml | 2 ++
 tasks/setup-hooks.yml | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 tasks/setup-hooks.yml
diff --git a/tasks/main.yml b/tasks/main.yml
index 894143c..d19cbd1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -29,5 +29,7 @@
   loop_control:
     loop_var: cert_item
 
+- import_tasks: setup-hooks.yml
+
 - import_tasks: renew-cron.yml
   when: certbot_auto_renew
diff --git a/tasks/setup-hooks.yml b/tasks/setup-hooks.yml
new file mode 100644
index 0000000..633854b
--- /dev/null
+++ b/tasks/setup-hooks.yml
@@ -0,0 +1,30 @@
+---
+- name: Ensure renewal hook directories exist
+  file:
+    path: "/etc/letsencrypt/renewal-hooks/{{ item }}"
+    state: directory
+  with_items:
+    - post
+    - pre
+    - deploy
+
+- name: Create post-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_post }}"
+    dest: "/etc/letsencrypt/renewal-hooks/post/{{ certbot_renewal_hook_post_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_post != ""
+
+- name: Create pre-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_pre }}"
+    dest: "/etc/letsencrypt/renewal-hooks/pre/{{ certbot_renewal_hook_pre_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_pre != ""
+
+- name: Create deploy-renewal hook
+  copy:
+    content: "{{ certbot_renewal_hook_deploy }}"
+    dest: "/etc/letsencrypt/renewal-hooks/deploy/{{ certbot_renewal_hook_deploy_filename }}"
+    mode: "0755"
+  when: certbot_renewal_hook_deploy != ""
From 9dcabdc972d4b906908015b89b57926a9cb664e1 Mon Sep 17 00:00:00 2001
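Review bot: The new `- import_tasks: setup-hooks.yml` is placed after the certificate-creation task whose `loop_control:` / `loop_var: cert_item` lines open this hunk, so on a fresh host the hook scripts are written only after the initial issuance has already run. If the deploy hook is meant to act on that first certificate as well (certbot runs the scripts in renewal-hooks/deploy on issuance too, as far as I recall, so worth confirming), the import belongs before the create-cert tasks rather than next to `renew-cron.yml`. The neighbouring import is guarded by `when: certbot_auto_renew`; a similar guard that skips the import when none of the hook variables is set would keep hosts without hooks untouched. The task owning `loop_control:` starts outside the hunk.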
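Review bot: A hook that is later disabled by resetting its variable to `""` stays on the host, because each copy task is merely skipped by `when: certbot_renewal_hook_post != ""` (likewise for pre and deploy) and nothing removes the file written on an earlier run, so certbot keeps executing a script the inventory no longer declares. The directory task also sets no `owner`, `group` or `mode`, leaving the permissions of directories whose contents certbot executes to the connection user's umask; `owner: root`, `group: root` and `mode: "0755"` should be explicit there, as they are (mode only) on the scripts. The three copy tasks differ only in the hook kind, so one `loop` over the kinds (also replacing the legacy `with_items`) with a paired `state: absent` task for empty content fixes both points and removes the triplication, as sketched below. Since certbot runs only executable files from these directories, the variables' documentation should also state that the content has to be a complete script rather than a snippet.

```yaml
- name: Ensure renewal hook directories exist
  file:
    path: "/etc/letsencrypt/renewal-hooks/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  loop:
    - post
    - pre
    - deploy

- name: Manage renewal hook scripts
  vars:
    # block-local list (name chosen here), one entry per hook kind, built from the existing role variables
    renewal_hooks:
      - kind: post
        content: "{{ certbot_renewal_hook_post }}"
        filename: "{{ certbot_renewal_hook_post_filename }}"
      - kind: pre
        content: "{{ certbot_renewal_hook_pre }}"
        filename: "{{ certbot_renewal_hook_pre_filename }}"
      - kind: deploy
        content: "{{ certbot_renewal_hook_deploy }}"
        filename: "{{ certbot_renewal_hook_deploy_filename }}"
  block:
    - name: Create hook scripts that have content
      copy:
        content: "{{ item.content }}"
        dest: "/etc/letsencrypt/renewal-hooks/{{ item.kind }}/{{ item.filename }}"
        owner: root
        group: root
        mode: "0755"
      loop: "{{ renewal_hooks }}"
      when: item.content != ""

    - name: Remove hook scripts whose content is empty
      file:
        path: "/etc/letsencrypt/renewal-hooks/{{ item.kind }}/{{ item.filename }}"
        state: absent
      loop: "{{ renewal_hooks }}"
      when: item.content == ""
```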
From: Niyazi Gokberk Gunduz
Date: Thu, 16 May 2024 11:13:22 +0200
Subject: [PATCH 2/2] Define renewal hook variables in defaults/main.yml
---
 defaults/main.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index dc1034e..e9781f7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,6 +9,12 @@ certbot_auto_renew_options: "--quiet"
 
 certbot_testmode: false
 certbot_hsts: false
+certbot_renewal_hook_post: ""
+certbot_renewal_hook_pre: ""
+certbot_renewal_hook_deploy: ""
+certbot_renewal_hook_post_filename: "post.sh"
+certbot_renewal_hook_pre_filename: "pre.sh"
+certbot_renewal_hook_deploy_filename: "deploy.sh"
 
 # Parameters used when creating new Certbot certs.
 certbot_create_if_missing: false
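Review bot: The six new variables carry no comment, while the surrounding defaults are introduced by section comments such as `# Parameters used when creating new Certbot certs.`, so a reader cannot tell from `certbot_renewal_hook_post: ""` what the value must contain or what the empty string means. I would precede the group with a short comment stating that each `certbot_renewal_hook_*` value is the full text of an executable script that certbot runs from `/etc/letsencrypt/renewal-hooks/<kind>/` during renewal (the file is installed with mode 0755, so the content should start with a shebang), that the empty default leaves that hook unmanaged, and that the `*_filename` variables only name the file inside that directory. Whether a once-configured hook is removed again when its content is set back to `""` depends on the consuming tasks; the comment should state that behaviour explicitly, since a stale hook otherwise keeps running on every renewal.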