Refactored native-

2025-09-03 17:06:02 +02:00 · 2023-09-02 13:13:28 +02:00
parent c11333be9a
commit 96b0d10ea8
169 changed files with 94 additions and 94 deletions
--- a/roles/certbot-nginx/handlers/main.yml
+++ b/roles/certbot-nginx/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: "reload certbot service"
+  systemd:
+    name: certbot.service
+    state: reloaded
+    enabled: yes
+    daemon_reload: yes
+- name: "restart certbot timer"
+  systemd:
+    name: certbot.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/roles/certbot-nginx/meta/main.yml
+++ b/roles/certbot-nginx/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- nginx
+- systemd_notifier
--- a/roles/certbot-nginx/tasks/main.yml
+++ b/roles/certbot-nginx/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: install certbot
+  pacman:
+    name: [certbot,certbot-nginx]
+    state: present
+
+- name: configure certbot.service.tpl
+  template: 
+    src:  certbot.service.j2
+    dest: /etc/systemd/system/certbot.service
+  notify: reload certbot service
+
+- name: configure certbot.timer.tpl
+  template:
+    src:  certbot.timer.j2
+    dest: /etc/systemd/system/certbot.timer
+  notify: restart certbot timer
--- a/roles/certbot-nginx/templates/certbot.service.j2
+++ b/roles/certbot-nginx/templates/certbot.service.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Let's Encrypt renewal
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos
+ExecStartPost=/bin/systemctl reload nginx.service
--- a/roles/certbot-nginx/templates/certbot.timer.j2
+++ b/roles/certbot-nginx/templates/certbot.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=true
+
+[Install]
+WantedBy=timers.target