diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-03-31 12:34:38 +0100 |
|---|---|---|
| committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-03-31 12:34:38 +0100 |
| commit | dae57df8d747bb602ab9ef13007949b43e88df10 (patch) | |
| tree | 5c66052fde099010d3b301d170ed701372992ee5 /roles | |
| parent | 6e0016c49083fee6a1c6835f8446e5e102e841fc (diff) | |
| download | infra-dae57df8d747bb602ab9ef13007949b43e88df10.tar.gz infra-dae57df8d747bb602ab9ef13007949b43e88df10.tar.bz2 infra-dae57df8d747bb602ab9ef13007949b43e88df10.zip | |
Migrate to certbot hook scripts
Make hooks usage a bit more generic, to apply hooks for services
different from nginx.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/certbot/files/certbot.service | 2 | ||||
| -rw-r--r-- | roles/nginx/files/nginx.sh | 3 | ||||
| -rw-r--r-- | roles/nginx/tasks/main.yml | 8 |
3 files changed, 12 insertions, 1 deletions
diff --git a/roles/certbot/files/certbot.service b/roles/certbot/files/certbot.service index bea307c..26cf2fd 100644 --- a/roles/certbot/files/certbot.service +++ b/roles/certbot/files/certbot.service @@ -3,4 +3,4 @@ Description=Let's Encrypt renewal [Service] Type=oneshot -ExecStart=/usr/bin/certbot renew --agree-tos --deploy-hook "systemctl reload nginx" +ExecStart=/usr/bin/certbot renew --agree-tos diff --git a/roles/nginx/files/nginx.sh b/roles/nginx/files/nginx.sh new file mode 100644 index 0000000..ca022f8 --- /dev/null +++ b/roles/nginx/files/nginx.sh @@ -0,0 +1,3 @@ +#! /bin/sh + +systemctl reload nginx diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index acfb8c1..8c32be3 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -48,3 +48,11 @@ name: nginx enabled: yes state: started + +- name: Copy nginx certificate renewal hook + ansible.builtin.copy: + src: files/nginx.sh + dest: /etc/letsencrypt/renewal-hooks/deploy/nginx.sh + owner: root + group: root + mode: u+rwx,g+r,o+r |