From 8454780c92144628e107d39f675e3b0e20f4068c Mon Sep 17 00:00:00 2001 From: Matej Focko Date: Tue, 12 Nov 2024 16:46:34 +0100 Subject: [PATCH] feat(porkbun): switch to global variables for keys - Introduce 2 global variables with API keys - Remove redundant role that only installs one config file used by another role - Use the said global variables within DDNS and Certbot roles - Create the config file in the role that uses it (Certbot) Signed-off-by: Matej Focko --- defaults/main.yml | 5 +++++ roles/certbot/tasks/main.yml | 6 ++++++ roles/certbot/templates/porkbun.ini | 2 ++ roles/ddns/defaults/main.yml | 6 ------ roles/ddns/templates/ddns.ini | 4 ++-- roles/porkbun/defaults/main.yml | 6 ------ roles/porkbun/tasks/main.yml | 6 ------ roles/porkbun/templates/porkbun.ini | 2 -- 8 files changed, 15 insertions(+), 22 deletions(-) create mode 100644 roles/certbot/templates/porkbun.ini delete mode 100644 roles/porkbun/defaults/main.yml delete mode 100644 roles/porkbun/tasks/main.yml delete mode 100644 roles/porkbun/templates/porkbun.ini diff --git a/defaults/main.yml b/defaults/main.yml index 5b8cd98..a4e761f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -27,6 +27,11 @@ hashicorp_vault_address: None # Address of the Vaultwarden instance vaultwarden_address: None +# Porkbun ‹apikey› and ‹secretapikey› that are used by Certbot (SSL/TLS renewal) +# and DDNS (updating DNS records) +porkbun_apikey: None +porkbun_secretapikey: None + # Public ID tied to the Yubikey OTP yubikey_token_id: None diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index f15563f..4062179 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml 
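Review bot: The placeholder `None` on `porkbun_apikey` and `porkbun_secretapikey` is a plain YAML string rather than a null, so a host where the real keys were never supplied would still render `dns_porkbun_key=None` in roles/certbot/templates/porkbun.ini and `APIKEY=None` in roles/ddns/templates/ddns.ini without the play failing. The mistake would then presumably surface only later, as a rejected Porkbun API call during certificate renewal or a DNS update. Consider leaving both variables undefined here (described in the comment only) so templating stops on an undefined variable, or guarding the two roles with an `ansible.builtin.assert` using `that: porkbun_apikey not in ['', 'None']` and the same check for the secret. The other entries in this file use the same `None` convention, so this may be deliberate. How the real values are injected is not visible in this diff.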
@@ -11,6 +11,12 @@ owner: root group: root +- name: Create the file with Porkbun secrets + ansible.builtin.template: + src: templates/porkbun.ini + dest: /etc/porkbun.ini + mode: 0600 + - name: Install the Porkbun Certbot container definition (quadlet) ansible.builtin.template: src: templates/certbot.container diff --git a/roles/certbot/templates/porkbun.ini b/roles/certbot/templates/porkbun.ini new file mode 100644 index 0000000..1a12a46 --- /dev/null +++ b/roles/certbot/templates/porkbun.ini @@ -0,0 +1,2 @@ +dns_porkbun_key={{ porkbun_apikey }} +dns_porkbun_secret={{ porkbun_secretapikey }} diff --git a/roles/ddns/defaults/main.yml b/roles/ddns/defaults/main.yml index 2c60a68..338c883 100644 --- a/roles/ddns/defaults/main.yml +++ b/roles/ddns/defaults/main.yml @@ -4,9 +4,3 @@ ddns_domain: None # List of all subdomains on the said domain for which the IP should be set ddns_subdomains: [] - -# ‹apikey› provided by Porkbun -ddns_porkbun_apikey: None - -# ‹secretapikey› provided by Porkbun -ddns_porkbun_secretapikey: None diff --git a/roles/ddns/templates/ddns.ini b/roles/ddns/templates/ddns.ini index ad73d03..8b30ddb 100644 --- a/roles/ddns/templates/ddns.ini +++ b/roles/ddns/templates/ddns.ini @@ -1,4 +1,4 @@ DOMAIN={{ ddns_domain }} SUBDOMAINS={{ ','.join(ddns_subdomains) }} -APIKEY={{ ddns_porkbun_apikey }} -SECRETAPIKEY={{ ddns_porkbun_secretapikey }} +APIKEY={{ porkbun_apikey }} +SECRETAPIKEY={{ porkbun_secretapikey }} diff --git a/roles/porkbun/defaults/main.yml b/roles/porkbun/defaults/main.yml deleted file mode 100644 index 1d47c5a..0000000 --- a/roles/porkbun/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# ‹apikey› provided by Porkbun -porkbun_key: None - -# ‹secretapikey› provided by Porkbun -porkbun_secret: None diff --git a/roles/porkbun/tasks/main.yml b/roles/porkbun/tasks/main.yml deleted file mode 100644 index 18a447d..0000000 --- a/roles/porkbun/tasks/main.yml +++ /dev/null 
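Review bot: The added `Create the file with Porkbun secrets` task writes both API keys to /etc/porkbun.ini but sets neither `no_log: true` nor an owner, so a run with `--diff` or raised verbosity can print the rendered credentials to the console and to any CI log that captures it. Add `no_log: true` at task level, and `owner: root` and `group: root` under the module arguments to match the task directly above it in this hunk, so that `mode: 0600` restricts the file to root rather than to whichever user the play happens to run as. The task is carried over unchanged from the removed roles/porkbun/tasks/main.yml, so these gaps predate this commit.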
@@ -1,6 +0,0 @@ ---- -- name: Create the file with Porkbun secrets - ansible.builtin.template: - src: templates/porkbun.ini - dest: /etc/porkbun.ini - mode: 0600 diff --git a/roles/porkbun/templates/porkbun.ini b/roles/porkbun/templates/porkbun.ini deleted file mode 100644 index ff5dada..0000000 --- a/roles/porkbun/templates/porkbun.ini +++ /dev/null @@ -1,2 +0,0 @@ -dns_porkbun_key={{ porkbun_key }} -dns_porkbun_secret={{ porkbun_secret }}