Refactored nginx-cert-deploy-to-docker in preparation for nginx

2025-08-29 15:06:26 +02:00 · 2025-01-21 16:00:57 +01:00
parent 936fdbad66
commit e55b37b54e
12 changed files with 77 additions and 52 deletions
--- a/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
+++ b/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Check if the necessary parameters are provided
+if [ "$#" -ne 2 ]; then
+    echo "Usage: $0 <domain> <docker_compose_instance_directory>"
+    exit 1
+fi
+
+# Assign parameters
+domain="$1"
+docker_compose_instance_directory="$2"
+
+# Copy certificates
+cp "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_instance_directory/certs/key.pem" || exit 1
+cp "/etc/letsencrypt/live/$domain/fullchain.pem" $docker_compose_instance_directory/certs/cert.pem || exit 1
+
+# Reload Nginx in all containers within the Docker Compose setup
+cd "$docker_compose_instance_directory" || exit 1
+docker compose ps --services | while read -r service; do
+    docker compose exec "$service" nginx -s reload && exit 0
+done
+
+# Restart all docker containers if no nginx reload is possible
+docker compose restart || exit 1
--- a/roles/nginx-docker-cert-deploy/handlers/main.yml
+++ b/roles/nginx-docker-cert-deploy/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: "restart nginx-docker-cert-deploy.cymais.service"
+  systemd:
+    name:           nginx-docker-cert-deploy.{{domain}}.cymais.service
+    state:          restarted
+    enabled:        yes
+    daemon_reload:  yes
--- a/roles/nginx-docker-cert-deploy/meta/main.yml
+++ b/roles/nginx-docker-cert-deploy/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- systemd-notifier
--- a/roles/nginx-docker-cert-deploy/tasks/main.yml
+++ b/roles/nginx-docker-cert-deploy/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: add nginx-docker-cert-deploy.sh
+  copy: 
+    src: "nginx-docker-cert-deploy.sh" 
+    dest: "{{nginx_docker_cert_deploy_script}}"
+  when: run_once_nginx_docker_cert_deploy is not defined
+
+- name: run the nginx_docker_cert_deploy tasks once
+  set_fact:
+    run_once_backup_directory_validator: true
+  when: run_once_nginx_docker_cert_deploy is not defined
+
+- name: "create {{cert_mount_directory}}"
+  file:
+    path:     "{{cert_mount_directory}}"
+    state:    directory
+    mode:     0755
+
+- name: configure nginx-docker-cert-deploy.cymais.service
+  template: 
+    src:  "nginx-docker-cert-deploy.service.j2"
+    dest: "/etc/systemd/system/nginx-docker-cert-deploy.{{docker_compose_project_name}}.cymais.service"
+  notify: restart nginx-docker-cert-deploy.cymais.service
+
+- name: "include role for systemd-timer for {{service_name}}"
+  include_role:
+    name: systemd-timer
+  vars:
+    on_calendar:  "{{on_calendar_deploy_certificates}}"
+    service_name: "nginx-docker-cert-deploy.{{docker_compose_project_name}}"
+    persistent:   "true"
--- a/roles/nginx-docker-cert-deploy/templates/nginx-docker-cert-deploy.service.j2
+++ b/roles/nginx-docker-cert-deploy/templates/nginx-docker-cert-deploy.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Let's Encrypt deploy to {{docker_compose_instance_directory}}
+OnFailure=systemd-notifier.cymais@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bash {{path_administrator_scripts}}/nginx-docker-cert-deploy.sh {{domain}} {{docker_compose_instance_directory}}
--- a/roles/nginx-docker-cert-deploy/vars/main.yml
+++ b/roles/nginx-docker-cert-deploy/vars/main.yml
@@ -0,0 +1,2 @@
+cert_mount_directory:             "{{docker_compose_instance_directory}}/certs/"
+nginx_docker_cert_deploy_script:  "{{path_administrator_scripts}}nginx-docker-cert-deploy.sh"