Refactored nginx-cert-deploy-to-docker in preparation for nginx

2025-08-29 15:06:26 +02:00 · 2025-01-21 16:00:57 +01:00
parent 936fdbad66
commit e55b37b54e
12 changed files with 77 additions and 52 deletions
--- a/roles/docker-mailu/handlers/main.yml
+++ b/roles/docker-mailu/handlers/main.yml
@@ -1,7 +0,0 @@
---
- name: "restart deploy-letsencrypt-mailu.cymais.service"
-  systemd:
-    name: deploy-letsencrypt-mailu.cymais.service
-    state: restarted
-    enabled: yes
-    daemon_reload: yes
--- a/roles/docker-mailu/meta/main.yml
+++ b/roles/docker-mailu/meta/main.yml
@@ -1,2 +0,0 @@
-dependencies:
- systemd-notifier
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
@@ -7,15 +7,9 @@
  vars:
    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"

- name: "create {{path_docker_compose_instances}}mailu"
+- name: "create {{docker_compose_instance_directory}}"
  file:
-    path: "{{path_docker_compose_instances}}mailu"
-    state: directory
-    mode: 0755
-
- name: "create {{path_administrator_scripts}}mailu"
-  file:
-    path: "{{path_administrator_scripts}}mailu"
+    path: "{{docker_compose_instance_directory}}"
    state: directory
    mode: 0755

@@ -25,11 +19,9 @@
    state: directory
    mode: 0755

- name: "create /etc/mailu/certs"
-  file:
-    path: "/etc/mailu/certs"
-    state: directory
-    mode: 0755
+- name: "Include the nginx-docker-cert-deploy role"
+  include_role:
+    name: nginx-docker-cert-deploy

 - name: add docker-compose.yml
  template: 
@@ -43,25 +35,6 @@
    dest: "{{docker_compose_instance_directory}}mailu.env"
  notify: docker compose project setup

- name: add deploy-letsencrypt-mailu.sh
-  template: 
-    src: "deploy-letsencrypt-mailu.sh.j2" 
-    dest: "{{path_administrator_scripts}}mailu/deploy-letsencrypt-mailu.sh"
-
- name: configure deploy-letsencrypt-mailu.cymais.service
-  template: 
-    src:  "deploy-letsencrypt-mailu.service.j2"
-    dest: "/etc/systemd/system/deploy-letsencrypt-mailu.cymais.service"
-  notify: restart deploy-letsencrypt-mailu.cymais.service
-
- name: "include role for systemd-timer for {{service_name}}"
-  include_role:
-    name: systemd-timer
-  vars:
-    on_calendar:  "{{on_calendar_deploy_mailu_certificates}}"
-    service_name: "deploy-letsencrypt-mailu"
-    persistent:   "true"
-
 - name: flush docker service
  meta: flush_handlers
  when: mode_setup |bool 
--- a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2
+++ b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2
@@ -1,7 +0,0 @@
-[Unit]
-Description=Let's Encrypt Mailu Deploy
-OnFailure=systemd-notifier.cymais@%n.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/bash {{path_administrator_scripts}}mailu/deploy-letsencrypt-mailu.sh
--- a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2
+++ b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2
@@ -1,4 +0,0 @@
-#!/bin/sh
-cp /etc/letsencrypt/live/{{domain}}/privkey.pem /etc/mailu/certs/key.pem || exit 1
-cp /etc/letsencrypt/live/{{domain}}/fullchain.pem /etc/mailu/certs/cert.pem || exit 1
-cd {{docker_compose_instance_directory}} && docker compose exec front nginx -s reload || exit 1
--- a/roles/docker-mailu/templates/docker-compose.yml.j2
+++ b/roles/docker-mailu/templates/docker-compose.yml.j2
@@ -32,7 +32,7 @@ services:
      - "{{ ip4_address }}:4190:4190"
    volumes:
      - "/etc/mailu/overrides/nginx:/overrides:ro"
-      - "/etc/mailu/certs:/certs"
+      - "{{docker_compose_instance_directory}}/certs/:/certs"
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
      resolver:
        condition: service_started