From 786026d0afbd68d216b461109def5af59286343c Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 22 Sep 2016 19:10:09 +0200
Subject: [PATCH] roles/quassel: Write the cert somewhere quassel can read it

---
 roles/quassel/templates/letsencrypt.hook.d.j2 | 6 +++++-
 roles/quassel/templates/quassel.service.d.j2  | 4 +---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/roles/quassel/templates/letsencrypt.hook.d.j2 b/roles/quassel/templates/letsencrypt.hook.d.j2
index 891624f45..f1c89623b 100644
--- a/roles/quassel/templates/letsencrypt.hook.d.j2
+++ b/roles/quassel/templates/letsencrypt.hook.d.j2
@@ -2,9 +2,13 @@
 
 test "$1" = renew || exit 0
 
+quassel_domain="{{ quassel_domain }}"
+
 for domain in $RENEWED_DOMAINS; do
   case "$domain" in
-    {{ quassel_domain }})
+    $quassel_domain)
+      cat /etc/letsencrypt/live/$quassel_domain/{privkey,fullchain}.pem |
+        install -o quassel -g quassel -m 400 /dev/stdin /var/lib/quassel/quasselCert.pem
       systemctl restart quassel
       ;;
   esac
diff --git a/roles/quassel/templates/quassel.service.d.j2 b/roles/quassel/templates/quassel.service.d.j2
index 83f07cb54..acef3de49 100644
--- a/roles/quassel/templates/quassel.service.d.j2
+++ b/roles/quassel/templates/quassel.service.d.j2
@@ -1,6 +1,4 @@
 [Service]
 ExecStartPre=/usr/bin/truncate -s 0 /var/lib/quassel/.oidentd.conf
 ExecStart=
-ExecStart=/usr/bin/quasselcore --configdir=/var/lib/quassel --oidentd --syslog --require-ssl \
-    --ssl-cert=/etc/letsencrypt/live/{{ quassel_domain }}/fullchain.pem \
-    --ssl-key=/etc/letsencrypt/live/{{ quassel_domain }}/privkey.pem
+ExecStart=/usr/bin/quasselcore --configdir=/var/lib/quassel --oidentd --syslog --require-ssl
-- 
GitLab