- Added MODE_BACKUP to trigger backup before the rest of the deployment
- sys-ctl-bkp-docker-2-loc: force linear sync and force flush when MODE_BACKUP is true
- Unified name resolution via system_service_name across handlers and tasks
- Introduced system_service_force_linear_sync and system_service_force_flush (rename from system_force_flush)
- Drive async/poll via system_service_async/system_service_poll using omit when disabled
- Propagated per-role overrides (cleanup, repair, cert tasks) for clarity and safety
- Minor formatting and consistency cleanups

Why: Ensure the backup runs before the deployment routine to safeguard data integrity.

Refs: Conversation https://chatgpt.com/share/68de4c41-b6e4-800f-85cd-ce6949097b5e

Signed-off-by: Kevin Veen-Birkenbach <kevin@veen.world>
Nginx Certbot Automation
🔥 Description
This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.
📖 Overview
Optimized for Arch Linux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
Key Features
- Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
- Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
- Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.
- Quiet and Safe Operation: Uses --quiet and --agree-tos flags to ensure non-interactive renewals.
🎯 Purpose
The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.
🚀 Features
- Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
- Custom Systemd Service: Configures a lightweight, dedicated renewal service.
- Timer Setup: Uses sys-timer to run certbot renewals periodically.
- Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.
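
Since renewals run unattended and with --quiet, an independent check of the remaining certificate validity confirms that the timer is still doing its job. The following script is an added example, not part of this role; the function names, the sample hostnames and the 21-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not part of the role): detect certificates that unattended
# renewal has left close to expiry. Because renewals run with --quiet, the
# remaining validity is the most direct evidence that the timer still works.

# Reads `certbot certificates` text on stdin and prints "<name> <days>" for
# every certificate with fewer than $1 whole days of validity left.
# Entries without a "VALID: N day(s)" marker (INVALID: EXPIRED, validity
# given in hours, ...) are reported with days = -1.
stale_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            days = -1
            if (match($0, /VALID: [0-9]+ day/)) {
                # "VALID: " is 7 characters, " day" is 4
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
            }
            if (days < limit) print name, days
        }
    '
}

# Constructed sample in the layout printed by `certbot certificates`
# (hostnames, dates and paths are made up for this example).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: app.example.test
    Domains: app.example.test www.example.test
    Expiry Date: 2025-03-01 08:00:00+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/app.example.test/fullchain.pem
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2025-01-11 08:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/old.example.test/fullchain.pem
  Certificate Name: gone.example.test
    Domains: gone.example.test
    Expiry Date: 2024-12-01 08:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/gone.example.test/fullchain.pem
EOF
}

# Threshold of 21 days is an assumption; tune it to the renewal schedule.
sample_output | stale_certs 21
```

On a live host, feed the function real data with `certbot certificates 2>/dev/null | stale_certs 21`; any output means a certificate was not renewed in time and the renewal service logs should be inspected.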