Refactored nginx-cert-deploy-to-docker in preparation for nginx

group_vars/all

@@ -65,7 +65,7 @@ on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
 ## Schedule for Maintenance Tasks
 on_calendar_heal_docker:                      "*-*-* {{ hours_server_awake }}:30:00"  # Heal unhealthy docker instances once per hour
 on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
-on_calendar_deploy_mailu_certificates:        "*-*-* 13,01:30:00"                     # Deploy Mailu certificates twice per day
+on_calendar_deploy_certificates:              "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
 on_calendar_msi_keyboard_color:               "*-*-* *:*:00"                          # Change the keyboard color every minute
 on_calendar_cleanup_failed_docker:            "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
 on_calendar_btrfs_auto_balancer:              "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month

roles/docker-mailu/handlers/main.yml

@@ -1,7 +0,0 @@
----
-- name: "restart deploy-letsencrypt-mailu.cymais.service"
-  systemd:
-    name: deploy-letsencrypt-mailu.cymais.service
-    state: restarted
-    enabled: yes
-    daemon_reload: yes

roles/docker-mailu/tasks/main.yml

@@ -7,15 +7,9 @@
   vars:
     nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
 
-- name: "create {{path_docker_compose_instances}}mailu"
+- name: "create {{docker_compose_instance_directory}}"
   file:
-    path: "{{path_docker_compose_instances}}mailu"
+    path: "{{docker_compose_instance_directory}}"
-    state: directory
-    mode: 0755
-
-- name: "create {{path_administrator_scripts}}mailu"
-  file:
-    path: "{{path_administrator_scripts}}mailu"
     state: directory
     mode: 0755
 
@@ -25,11 +19,9 @@
     state: directory
     mode: 0755
 
-- name: "create /etc/mailu/certs"
+- name: "Include the nginx-docker-cert-deploy role"
-  file:
+  include_role:
-    path: "/etc/mailu/certs"
+    name: nginx-docker-cert-deploy
-    state: directory
-    mode: 0755
 
 - name: add docker-compose.yml
   template: 
@@ -43,25 +35,6 @@
     dest: "{{docker_compose_instance_directory}}mailu.env"
   notify: docker compose project setup
 
-- name: add deploy-letsencrypt-mailu.sh
-  template: 
-    src: "deploy-letsencrypt-mailu.sh.j2" 
-    dest: "{{path_administrator_scripts}}mailu/deploy-letsencrypt-mailu.sh"
-
-- name: configure deploy-letsencrypt-mailu.cymais.service
-  template: 
-    src:  "deploy-letsencrypt-mailu.service.j2"
-    dest: "/etc/systemd/system/deploy-letsencrypt-mailu.cymais.service"
-  notify: restart deploy-letsencrypt-mailu.cymais.service
-
-- name: "include role for systemd-timer for {{service_name}}"
-  include_role:
-    name: systemd-timer
-  vars:
-    on_calendar:  "{{on_calendar_deploy_mailu_certificates}}"
-    service_name: "deploy-letsencrypt-mailu"
-    persistent:   "true"
-
 - name: flush docker service
   meta: flush_handlers
   when: mode_setup |bool 

roles/docker-mailu/templates/deploy-letsencrypt-mailu.service.j2

@@ -1,7 +0,0 @@
-[Unit]
-Description=Let's Encrypt Mailu Deploy
-OnFailure=systemd-notifier.cymais@%n.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/bash {{path_administrator_scripts}}mailu/deploy-letsencrypt-mailu.sh

roles/docker-mailu/templates/deploy-letsencrypt-mailu.sh.j2

@@ -1,4 +0,0 @@
-#!/bin/sh
-cp /etc/letsencrypt/live/{{domain}}/privkey.pem /etc/mailu/certs/key.pem || exit 1
-cp /etc/letsencrypt/live/{{domain}}/fullchain.pem /etc/mailu/certs/cert.pem || exit 1
-cd {{docker_compose_instance_directory}} && docker compose exec front nginx -s reload || exit 1

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -32,7 +32,7 @@ services:
       - "{{ ip4_address }}:4190:4190"
     volumes:
       - "/etc/mailu/overrides/nginx:/overrides:ro"
-      - "/etc/mailu/certs:/certs"
+      - "{{docker_compose_instance_directory}}/certs/:/certs"
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
       resolver:
         condition: service_started

roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Check if the necessary parameters are provided
+if [ "$#" -ne 2 ]; then
+    echo "Usage: $0 <domain> <docker_compose_instance_directory>"
+    exit 1
+fi
+
+# Assign parameters
+domain="$1"
+docker_compose_instance_directory="$2"
+
+# Copy certificates
+cp "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_instance_directory/certs/key.pem" || exit 1
+cp "/etc/letsencrypt/live/$domain/fullchain.pem" $docker_compose_instance_directory/certs/cert.pem || exit 1
+
+# Reload Nginx in all containers within the Docker Compose setup
+cd "$docker_compose_instance_directory" || exit 1
+docker compose ps --services | while read -r service; do
+    docker compose exec "$service" nginx -s reload && exit 0
+done
+
+# Restart all docker containers if no nginx reload is possible
+docker compose restart || exit 1

roles/nginx-docker-cert-deploy/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: "restart nginx-docker-cert-deploy.cymais.service"
+  systemd:
+    name:           nginx-docker-cert-deploy.{{domain}}.cymais.service
+    state:          restarted
+    enabled:        yes
+    daemon_reload:  yes

roles/nginx-docker-cert-deploy/tasks/main.yml

@@ -0,0 +1,30 @@
+- name: add nginx-docker-cert-deploy.sh
+  copy: 
+    src: "nginx-docker-cert-deploy.sh" 
+    dest: "{{nginx_docker_cert_deploy_script}}"
+  when: run_once_nginx_docker_cert_deploy is not defined
+
+- name: run the nginx_docker_cert_deploy tasks once
+  set_fact:
+    run_once_backup_directory_validator: true
+  when: run_once_nginx_docker_cert_deploy is not defined
+
+- name: "create {{cert_mount_directory}}"
+  file:
+    path:     "{{cert_mount_directory}}"
+    state:    directory
+    mode:     0755
+
+- name: configure nginx-docker-cert-deploy.cymais.service
+  template: 
+    src:  "nginx-docker-cert-deploy.service.j2"
+    dest: "/etc/systemd/system/nginx-docker-cert-deploy.{{docker_compose_project_name}}.cymais.service"
+  notify: restart nginx-docker-cert-deploy.cymais.service
+
+- name: "include role for systemd-timer for {{service_name}}"
+  include_role:
+    name: systemd-timer
+  vars:
+    on_calendar:  "{{on_calendar_deploy_certificates}}"
+    service_name: "nginx-docker-cert-deploy.{{docker_compose_project_name}}"
+    persistent:   "true"

roles/nginx-docker-cert-deploy/templates/nginx-docker-cert-deploy.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Let's Encrypt deploy to {{docker_compose_instance_directory}}
+OnFailure=systemd-notifier.cymais@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bash {{path_administrator_scripts}}/nginx-docker-cert-deploy.sh {{domain}} {{docker_compose_instance_directory}}

roles/nginx-docker-cert-deploy/vars/main.yml

@@ -0,0 +1,2 @@
+cert_mount_directory:             "{{docker_compose_instance_directory}}/certs/"
+nginx_docker_cert_deploy_script:  "{{path_administrator_scripts}}nginx-docker-cert-deploy.sh"