From 03f58b49acb26c7e57d95dc84f233f118cca560a Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Sun, 10 Nov 2024 15:43:44 +0100
Subject: [PATCH] feat: enable certificate renewal for nomad and vault in hashistack_ca
Until now this role was not able to renew nomad and vault leaf certificates, tho the code to do so was present. It can now do it.
---
 roles/hashistack_ca/defaults/main.yml | 2 +-
 roles/hashistack_ca/tasks/main.yml | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/roles/hashistack_ca/defaults/main.yml b/roles/hashistack_ca/defaults/main.yml
index 9020363..e670f71 100644
--- a/roles/hashistack_ca/defaults/main.yml
+++ b/roles/hashistack_ca/defaults/main.yml
@@ -3,7 +3,7 @@ hashistack_ca_directory: "/etc/hashistack/certificates"
 hashistack_ca_use_cryptography: false
 hashistack_ca_action: "noop"
-hashistack_ca_domain: example.com
+hashistack_ca_domain: "*"
 hashistack_ca_directory_owner: root
 ##############################
diff --git a/roles/hashistack_ca/tasks/main.yml b/roles/hashistack_ca/tasks/main.yml
index 00a8b62..1e0f793 100644
--- a/roles/hashistack_ca/tasks/main.yml
+++ b/roles/hashistack_ca/tasks/main.yml
@@ -45,3 +45,15 @@
 when:
 - hashistack_ca_renew_leaf
 - "('consul_servers' in group_names) or ('consul_agents' in group_names)"
+
+- name: "Nomad leaf certificates | Import renew_nomad.yml"
+ ansible.builtin.include_tasks: renew/renew_nomad.yml
+ when:
+ - hashistack_ca_renew_leaf
+ - "('nomad_servers' in group_names) or ('nomad_clients' in group_names)"
+
+- name: "Vault leaf certificates | Import renew_vault.yml"
+ ansible.builtin.include_tasks: renew/renew_vault.yml
+ when:
+ - hashistack_ca_renew_leaf
+ - "'vault_servers' in group_names"
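Review bot: The new default `hashistack_ca_domain: "*"` in roles/hashistack_ca/defaults/main.yml is undocumented, and the commit message, which is only about Nomad and Vault renewal, does not mention it. How the variable is consumed is not visible in this hunk; if it ends up in subject alternative names or CA name constraints, certificates issued with the defaults are no longer scoped to one domain, which operators should opt into rather than inherit. I would document it directly above the line, for example `# "*" applies no domain scoping; set this to your own domain` (wording to be adjusted to what the templates actually do with the value), and call the change out in the commit description.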
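Review bot: Nothing in the two tasks added to roles/hashistack_ca/tasks/main.yml shows the service being reloaded after a renewal, and renew/renew_nomad.yml and renew/renew_vault.yml are not part of this diff, so it cannot be checked here. A running Nomad or Vault process keeps serving the certificate it loaded until it is reloaded or restarted, so a renewal that only rewrites the files leaves the old leaf in use until it expires. If the included files do not already handle this, a comment above each include would help, e.g. `# renew_nomad.yml must trigger a Nomad reload so the new leaf certificate is actually served`. Separately, the task names say "Import" while the module is `ansible.builtin.include_tasks`; `"Nomad leaf certificates | Include renew_nomad.yml"` would match what runs.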