Another big round of refactoring and cleaning...

2025-07-11 17:55:26 +02:00
parent aa61bf2a44
commit 168c5c0da6
323 changed files with 761 additions and 811 deletions

@@ -6,12 +6,12 @@ This role automates the setup of an automatic [Let's Encrypt](https://letsencryp
## 📖 Overview
Optimized for Archlinux systems, this role installs the `certbot-nginx` package, configures a dedicated `systemd` service for certificate renewal, and integrates with a `gen-timer` to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
Optimized for Archlinux systems, this role installs the `certbot-nginx` package, configures a dedicated `systemd` service for certificate renewal, and integrates with a `sys-timer` to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
### Key Features
- **Automatic Renewal:** Schedules unattended certificate renewals using gen-timers.
- **Automatic Renewal:** Schedules unattended certificate renewals using sys-timers.
- **Seamless Nginx Reload:** Reloads the Nginx service automatically after successful renewals.
- **Systemd Integration:** Manages renewal operations reliably with `systemd` and `alert-compose`.
- **Systemd Integration:** Manages renewal operations reliably with `systemd` and `sys-alm-compose`.
- **Quiet and Safe Operation:** Uses `--quiet` and `--agree-tos` flags to ensure non-interactive renewals.
## 🎯 Purpose
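Review bot: In the Key Features list, the renamed bullet writes the role as plain, pluralised "sys-timers", while the Overview paragraph in the same hunk uses the literal role name `sys-timer` in backticks. Since this commit is about role names, using the exact name `sys-timer` in code formatting in both places would keep the README searchable for the next rename.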
@@ -22,8 +22,8 @@ The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificate
- **Certbot-Nginx Package Installation:** Installs required certbot plugins for Nginx.
- **Custom Systemd Service:** Configures a lightweight, dedicated renewal service.
- **Timer Setup:** Uses gen-timer to run certbot renewals periodically.
- **Failure Notification:** Integrated with `alert-compose` for alerting on failures.
- **Timer Setup:** Uses sys-timer to run certbot renewals periodically.
- **Failure Notification:** Integrated with `sys-alm-compose` for alerting on failures.
## 🔗 Learn More

@@ -29,5 +29,5 @@ galaxy_info:
dependencies:
- gen-certbot
- srv-web-7-4-core
- alert-compose
- cln-certs
- sys-alm-compose
- sys-cln-certs
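Review bot: The dependency list is only partly moved to the new naming: `alert-compose` and `cln-certs` gain a `sys-` prefix, but `gen-certbot` keeps its `gen-` prefix even though this commit renames `gen-timer` to `sys-timer` in the tasks file. If `gen-certbot` is intentionally unchanged, a short comment saying so would help; otherwise please confirm the name still matches an existing role, since a stale dependency name only fails when the role is resolved.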

@@ -17,9 +17,9 @@
service_name: "{{ role_name }}"
when: run_once_nginx_certbot is not defined
- name: "include role for gen-timer for {{service_name}}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: gen-timer
name: sys-timer
vars:
on_calendar: "{{on_calendar_renew_lets_encrypt_certificates}}"
persistent: "true"
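Review bot: The include now targets `sys-timer` but still passes `on_calendar` and `persistent` exactly as before, and nothing in this hunk shows that the renamed role kept those variable names. Please confirm that `sys-timer` reads both, because a silently ignored variable would change the renewal schedule without any task failing. Minor style points on the same lines: `persistent: "true"` is a quoted string rather than a boolean, and `{{service_name}}` lacks the spacing used in `{{ role_name }}` above it.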

@@ -1,6 +1,6 @@
[Unit]
Description=Let's Encrypt renewal
OnFailure=alert-compose.cymais@%n.service
OnFailure=sys-alm-compose.cymais@%n.service
[Service]
Type=oneshot
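Review bot: The `OnFailure=` line hard-codes the handler as `sys-alm-compose.cymais@%n.service`, so failure alerting for certificate renewal now depends on a template unit with exactly that name being installed on the host. Nothing in this unit checks that; if the template is missing or still carries the old `alert-compose` name, a failed renewal raises no alert and certificates can expire unnoticed. Consider building the handler name from one shared variable instead of repeating the string in each unit, and verifying after deployment that the template unit exists under the new name.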