computer-playbook/roles/sys-ctl-mtn-cert-renew
Kevin Veen-Birkenbach 23353ac878 infra(sys-service): centralize async control + pre-deploy backup safeguard
- Added MODE_BACKUP to trigger backup before the rest of the deployment
- sys-ctl-bkp-docker-2-loc: force linear sync and force flush when MODE_BACKUP is true
- Unified name resolution via system_service_name across handlers and tasks
- Introduced system_service_force_linear_sync and system_service_force_flush (rename from system_force_flush)
- Drive async/poll via system_service_async/system_service_poll using omit when disabled
- Propagated per-role overrides (cleanup, repair, cert tasks) for clarity and safety
- Minor formatting and consistency cleanups

Why: Ensure the backup runs before the deployment routine to safeguard data integrity.

Refs: Conversation https://chatgpt.com/share/68de4c41-b6e4-800f-85cd-ce6949097b5e
Signed-off-by: Kevin Veen-Birkenbach <kevin@veen.world>
2025-10-02 11:58:23 +02:00

Nginx Certbot Automation

🔥 Description

This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.

📖 Overview

Written for Arch Linux, this role installs the certbot-nginx package, configures a dedicated systemd service that runs the renewal, and wires that service to a sys-timer so renewals happen on a schedule. After a successful renewal, Nginx is reloaded so the new certificate is served immediately rather than at the next restart.

Key Features

  • Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
  • Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
  • Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.
  • Non-interactive Operation: Runs certbot with the --quiet and --agree-tos flags so an unattended renewal never blocks waiting for terminal input.
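
As an added illustration of what the role assembles (this is not the role's own templates, which use sys-timer and sys-ctl-alm-compose), here is the plain-systemd equivalent: a oneshot renewal service, the timer that fires it, and a failure hook. The unit names, the paths, the schedule and the `alert@.service` notification unit are assumptions chosen for the example.

```ini
# /etc/systemd/system/certbot-renew.service
# Added example; unit name, paths and the alert unit are assumptions.
[Unit]
Description=Renew Let's Encrypt certificates and reload Nginx
After=network-online.target nginx.service
Wants=network-online.target
# Fire an alerting unit if certbot exits non-zero. "alert@%n.service" is a
# hypothetical stand-in for whatever notification unit the host provides;
# %n expands to this unit's name so the alert can say which unit failed.
OnFailure=alert@%n.service

[Service]
Type=oneshot
# --quiet and --agree-tos keep the run non-interactive. --deploy-hook runs
# only on invocations where a certificate was actually renewed, so nginx is
# not reloaded on the far more frequent runs where nothing was due.
# "nginx -t" guards against reloading into a broken configuration.
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "/usr/bin/nginx -t && /usr/bin/systemctl reload nginx"

# /etc/systemd/system/certbot-renew.timer
[Unit]
Description=Run certbot renew twice daily

[Timer]
# certbot renew only renews certificates that are inside their renewal
# window, so a frequent schedule is cheap. RandomizedDelaySec spreads the
# load on the CA, and Persistent=true catches up a run missed while the
# host was powered off.
OnCalendar=*-*-* 00/12:00:00
RandomizedDelaySec=1h
Persistent=true
Unit=certbot-renew.service

[Install]
WantedBy=timers.target
```

Enable it with `systemctl enable --now certbot-renew.timer` and confirm the schedule with `systemctl list-timers`. Before relying on it, run `certbot renew --dry-run` once by hand: that exercises the same code path against the Let's Encrypt staging environment and surfaces a broken challenge or a hook that cannot find nginx without consuming rate limits. When a certificate was obtained with the nginx installer plugin, certbot also asks that plugin to reload nginx after renewal; the explicit deploy hook makes the reload independent of how the certificate was originally issued.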

🎯 Purpose

The Nginx Certbot Automation role keeps Let's Encrypt TLS certificates valid without manual intervention. An expired certificate takes a site offline for every client that enforces TLS, so automating the certificate lifecycle removes a common cause of outages and of the temptation to weaken TLS configuration to work around them.

🚀 Features

  • Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
  • Custom Systemd Service: Configures a lightweight, dedicated renewal service.
  • Timer Setup: Uses sys-timer to run certbot renewals periodically.
  • Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.

🔗 Learn More