From 8617c26a3cbe0a875ddff2617ec1c6a51a0fbf16 Mon Sep 17 00:00:00 2001 From: Philip Henning Date: Sat, 18 Jul 2020 19:41:12 +0200 Subject: [PATCH 1/3] Fix Markdown table --- README.md | 58 +++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 2ddac80..127cc6d 100644 --- a/README.md +++ b/README.md 
@@ -28,35 +28,35 @@ Install, configure and run dehydrated Let's Encrypt client ## Role Variables -Variable | Function | Default ---- | --- | --- -dehydrated_accept_letsencrypt_terms | Set to yes to automatically register and accept Let's Encrypt terms | no -dehydrated_contactemail | E-Mail address (required) | -dehydrated_account_key | If set, deploy this file containing pre-registered private key | -dehydrated_domains | List of domains to request SSL certificates for | -dehydrated_deploycert | Script to run to deploy a certificate (see below) | -dehydrated_wellknown | Directory where to deploy http-01 challenges | -dehydrated_install_root | Where to install dehydrated | /opt/dehydrated -dehydrated_update | Update dehydrated sources on ansible run | yes -dehydrated_version | Which version to check out from github | HEAD -dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01 -dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no -dehydrated_lexicon_dns | Options for running lexicon | {} -dehydrated_hooks | Dict with hook-names for which to add scripts | -dehydrated_hook_scripts | Add additional scripts to hooks-Directory | [] -dehydrated_key_algo | Keytype to generate (rsa, prime256v1, secp384r1) | rsa -dehydrated_keysize | Size of Key (only for rsa Keys) | 4096 -dehydrated_ca | CA to use | https://acme-v02.api.letsencrypt.org/directory -dehydrated_cronjob | Install cronjob for certificate renewals | yes -dehydrated_systemd_timer | Use systemd timer for certificate renewals | no -dehydrated_config_extra | Add arbitrary text to config | -dehydrated_run_on_changes | If dehydrated should run if the list of domains changed | yes -dehydrated_systemd_timer_onfailure | If set, an OnFailure-Directive will be added to the systemd unit | -dehydrated_cert_config | Override configuration for certificates | [] -dehydrated_repo_url | Specify URL to git repository of dehydrated | 
https://github.com/dehydrated-io/dehydrated.git -dehydrated_install_pip | Whether pip will be installed when using lexicon | yes -dehydrated_pip_package | Name of pip package | python3-pip if ansible is running on python3, otherwise python-pip -dehydrated_pip_executable | Name of pip executable to use | autodetected by pip module +| Variable | Function | Default | +|:---|:---|:---| +| dehydrated_accept_letsencrypt_terms | Set to yes to automatically register and accept Let's Encrypt terms | no | +| dehydrated_contactemail | E-Mail address (required) | +| dehydrated_account_key | If set, deploy this file containing pre-registered private key | +| dehydrated_domains | List of domains to request SSL certificates for | +| dehydrated_deploycert | Script to run to deploy a certificate (see below) | +| dehydrated_wellknown | Directory where to deploy http-01 challenges | +| dehydrated_install_root | Where to install dehydrated | /opt/dehydrated | +| dehydrated_update | Update dehydrated sources on ansible run | yes | +| dehydrated_version | Which version to check out from github | HEAD | +| dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01 | +| dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no | +| dehydrated_lexicon_dns | Options for running lexicon | {} | +| dehydrated_hooks | Dict with hook-names for which to add scripts | +| dehydrated_hook_scripts | Add additional scripts to hooks-Directory | [] | +| dehydrated_key_algo | Keytype to generate (rsa, prime256v1, secp384r1) | rsa | +| dehydrated_keysize | Size of Key (only for rsa Keys) | 4096 | +| dehydrated_ca | CA to use | https://acme-v02.api.letsencrypt.org/directory | +| dehydrated_cronjob | Install cronjob for certificate renewals | yes | +| dehydrated_systemd_timer | Use systemd timer for certificate renewals | no | +| dehydrated_config_extra | Add arbitrary text to config | +| dehydrated_run_on_changes | If dehydrated should run if the 
list of domains changed | yes | +| dehydrated_systemd_timer_onfailure | If set, an OnFailure-Directive will be added to the systemd unit | +| dehydrated_cert_config | Override configuration for certificates | [] | +| dehydrated_repo_url | Specify URL to git repository of dehydrated | https://github.com/dehydrated-io/dehydrated.git | +| dehydrated_install_pip | Whether pip will be installed when using lexicon | yes | +| dehydrated_pip_package | Name of pip package | python3-pip if ansible is running on python3, otherwise python-pip | +| dehydrated_pip_executable | Name of pip executable to use | autodetected by pip module | ## Account registration From d710e9416dbc3c488ceb354da260fd6841915cf7 Mon Sep 17 00:00:00 2001 From: Philip Henning Date: Sat, 18 Jul 2020 19:45:04 +0200 Subject: [PATCH 2/3] Install lexicon within a venvi (#20) Install lexicon within a venv to avoid conflicts with other python packages. As advised by lexicon maintainers (). --- README.md | 1 + defaults/main.yml | 1 + tasks/dns-01-lexicon.yml | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/README.md b/README.md index 127cc6d..0644f63 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ Install, configure and run dehydrated Let's Encrypt client | dehydrated_version | Which version to check out from github | HEAD | | dehydrated_challengetype | Challenge to use (http-01, dns-01) | http-01 | | dehydrated_use_lexicon | Enable the use of lexicon | yes if dehydrated_challengetype == dns-01 else no | +| dehydrated_lexicon_venv | Path to venv for lexicon | /opt/venvs/lexicon | | dehydrated_lexicon_dns | Options for running lexicon | {} | | dehydrated_hooks | Dict with hook-names for which to add scripts | | dehydrated_hook_scripts | Add additional scripts to hooks-Directory | [] | diff --git a/defaults/main.yml b/defaults/main.yml index 93f0efc..7f1d245 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -14,6 +14,7 @@ dehydrated_keysize: 4096 dehydrated_ca: "https://acme-v02.api.letsencrypt.org/directory" dehydrated_cronjob: yes dehydrated_use_lexicon: "{{ dehydrated_challengetype == 'dns-01' }}" +dehydrated_lexicon_venv: "/opt/venvs/lexicon" dehydrated_run_on_changes: yes dehydrated_systemd_timer: no dehydrated_hook_scripts: [] diff --git a/tasks/dns-01-lexicon.yml b/tasks/dns-01-lexicon.yml index d78a8ef..fa0811c 100644 --- a/tasks/dns-01-lexicon.yml +++ b/tasks/dns-01-lexicon.yml @@ -4,10 +4,32 @@ name: "{{ dehydrated_pip_package }}" when: dehydrated_install_pip +- name: Ensure virtualenv is installed + pip: + name: virtualenv + executable: "{{ dehydrated_pip_executable|default(omit) }}" + - name: Install dns-lexicon pip: name: dns-lexicon executable: "{{ dehydrated_pip_executable|default(omit) }}" + virtualenv: "{{ dehydrated_lexicon_venv }}" + +- name: Link lexicon executables to /usr/local/bin + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + state: link + with_items: + - { src: "{{ dehydrated_lexicon_venv }}/bin/chardetect", dest: "{{ lexicon_path }}/chardetect" } + - { src: "{{ dehydrated_lexicon_venv }}/bin/futurize", dest: "{{ lexicon_path }}/futurize" } + - { src: "{{ dehydrated_lexicon_venv }}/bin/lexicon", dest: "{{ lexicon_path }}/lexicon" } + - { src: "{{ dehydrated_lexicon_venv }}/bin/pasteurize", dest: "{{ lexicon_path }}/pasteurize " } + - { src: "{{ dehydrated_lexicon_venv }}/bin/tldextract", dest: "{{ lexicon_path }}/tldextract" } + vars: + lexicon_path: '/usr/local/bin' - name: Copy hook script copy: From 269af18bb890cefa06f2cc6f0b84b8248685c333 Mon Sep 17 00:00:00 2001 From: Philip Henning Date: Sat, 18 Jul 2020 23:46:21 +0200 Subject: [PATCH 3/3] Handle stone old python2 on ubuntu 16.04 --- tasks/dns-01-lexicon.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tasks/dns-01-lexicon.yml b/tasks/dns-01-lexicon.yml index fa0811c..32bbaac 100644 --- a/tasks/dns-01-lexicon.yml 
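Review bot: In the `Link lexicon executables to /usr/local/bin` task, the `pasteurize` entry has a trailing space inside the quoted destination (`dest: "{{ lexicon_path }}/pasteurize " }`), so the link is created under a name ending in a space; it should read `dest: "{{ lexicon_path }}/pasteurize"`. The `Install dns-lexicon` task now passes both `executable` and `virtualenv`, which Ansible's pip module treats as mutually exclusive, so the task should fail whenever `dehydrated_pip_executable` is set; dropping the `executable:` line from that task avoids this. These are root-owned links on the default PATH to code fetched from PyPI without a version pin, so if the hook only calls `lexicon`, consider linking just that one entry and pinning `dns-lexicon` to a reviewed version. The hunk's last context line opens the `Copy hook script` task, which continues outside the hunk.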
+++ b/tasks/dns-01-lexicon.yml @@ -4,6 +4,22 @@ name: "{{ dehydrated_pip_package }}" when: dehydrated_install_pip +- name: Upgrade pip to latest version + pip: + name: pip + extra_args: --upgrade + executable: "{{ dehydrated_pip_executable|default(omit) }}" + when: dehydrated_pip_package is match("python-pip") + +- name: Install python2 dependencies + pip: + name: [ + zipp==1.2.0, + setuptools==44.1.1 + ] + executable: "{{ dehydrated_pip_executable|default(omit) }}" + when: dehydrated_pip_package is match("python-pip") + - name: Ensure virtualenv is installed pip: name: virtualenv
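Review bot: `Upgrade pip to latest version` replaces the system pip with whatever PyPI serves at run time, with no version bound, while the next task pins `zipp` and `setuptools` exactly. For the Python 2 case this commit targets, a bound such as `name: "pip<21"` (pip 21 dropped Python 2 support) would keep the result reproducible. Both new tasks use the system pip rather than `dehydrated_lexicon_venv`, so they change system-wide packages, presumably with the elevated privileges the role runs under. The condition `dehydrated_pip_package is match("python-pip")` is a regex test anchored only at the start, so any package name beginning with `python-pip` passes; `when: dehydrated_pip_package == "python-pip"` states the intent exactly. The closing context lines belong to the `Ensure virtualenv is installed` task, which continues outside the hunk.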