
2025-01-21 16:18:35 +01:00
# Nginx Docker Cert Deploy Role
🎉 **Author**: Kevin Veen-Birkenbach ([veen.world](https://www.veen.world))

This Ansible role simplifies the deployment of Let's Encrypt certificates into Docker Compose setups with Nginx. It ensures that certificates are copied, directories are created, and Nginx services are reloaded or restarted as needed.
---
## 🚀 **Features**
- Copies Let's Encrypt certificates to the target directory.
- Automatically reloads or restarts Nginx services in all Docker Compose containers.
- Configures and manages a `systemd` service for automated deployment.
- Supports periodic execution via a `systemd` timer.
- Handles dependent services like `systemd-notifier`.
---
## 🔧 **Variables**
The following variables can be customized:
| Variable | Description | Default Value |
|-----------------------------------|------------------------------------------------|-----------------------------------------|
| `cert_mount_directory` | Target directory to mount certificates. | `{{docker_compose_instance_directory}}/certs/` |
| `nginx_docker_cert_deploy_script` | Path to the deployment script. | `{{path_administrator_scripts}}nginx-docker-cert-deploy.sh` |
| `docker_compose_project_name` | Name of the Docker Compose project. | None (must be defined in playbook) |
| `on_calendar_deploy_certificates` | `systemd` timer schedule for certificate updates. | None (must be defined in playbook) |
---
## 📋 **Tasks Overview**
### Main Tasks
1. **Add Deployment Script**:
Copies the `nginx-docker-cert-deploy.sh` script to the administrator scripts directory.
2. **Create Certificate Directory**:
Ensures the `cert_mount_directory` exists with proper permissions.
3. **Configure Systemd Service**:
Deploys a `systemd` service file for the deployment process.
4. **Include `systemd-timer` Role**:
Schedules automatic deployment tasks using a `systemd` timer.
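
A post-deployment check of the certificate directory, as an added example that is not part of this role or its `nginx-docker-cert-deploy.sh` script. Assumptions: the hypothetical `audit_cert_dir` function receives the rendered `cert_mount_directory`, private keys follow certbot's `privkey*.pem` naming, and "proper permissions" is taken to mean no group/other access to keys and no group/other write access to directories.

```shell
#!/bin/sh
# Added example (not the role's own code): audit a deployed certificate
# directory. Returns 0 if clean, 1 on findings, 2 if the path is unusable.
audit_cert_dir() {
    dir=$1
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 2
    fi

    # Directories writable by group or others let another local account
    # swap the certificate or key that Nginx will load on the next reload.
    loose_dirs=$(find "$dir" -type d \( -perm -020 -o -perm -002 \) -print)

    # Private keys (assumed certbot naming) readable or writable by anyone
    # other than the owner.
    loose_keys=$(find "$dir" -type f -name 'privkey*.pem' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)

    # certbot's live/ directory holds symlinks into archive/; copying them
    # without dereferencing leaves links that do not resolve at the new path.
    dangling=$(find "$dir" -type l ! -exec test -e {} \; -print)

    if [ -n "$loose_dirs" ]; then
        echo "FAIL: directory writable by group/other:"; echo "$loose_dirs"
        rc=1
    fi
    if [ -n "$loose_keys" ]; then
        echo "FAIL: private key accessible by group/other:"; echo "$loose_keys"
        rc=1
    fi
    if [ -n "$dangling" ]; then
        echo "FAIL: dangling symlink:"; echo "$dangling"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Stand-alone use: sh audit.sh /path/to/certs
[ "$#" -eq 0 ] || audit_cert_dir "$1"
```

Run it after the deployment service has executed; a non-zero exit status makes it usable as a follow-up check in a `systemd` unit or a CI job.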
### Handlers
- **Restart Service**:
Restarts the `nginx-docker-cert-deploy` service when configuration changes.
---
## 📂 **File Structure**
```
roles/
  nginx-docker-cert-deploy/
    vars/
      main.yml
    handlers/
      main.yml
    files/
      nginx-docker-cert-deploy.sh
    tasks/
      main.yml
    templates/
      nginx-docker-cert-deploy.service.j2
    meta/
      main.yml
```
---
## 📖 **Usage Example**
Here's an example of how to use this role in your playbook:
```yaml
- name: Deploy Let's Encrypt certificates to Docker Compose
  hosts: all
  roles:
    - role: nginx-docker-cert-deploy
      vars:
        domain: "example.com"
        docker_compose_instance_directory: "/home/administrator/docker-compose/nginx"
        docker_compose_project_name: "nginx"
        on_calendar_deploy_certificates: "daily"
```
---
## 🛠️ **Dependencies**
This role depends on:
- `systemd-notifier`: Notifies about failures in the `systemd` service.
---
Feel free to contribute, report issues, or suggest improvements! 😊