kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-27 05:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/sys-ctl-mtn-cert-renew
History
Kevin Veen-Birkenbach 26b392ea76
refactor!: replace sys-systemctl with sys-service, add sys-daemon, and rename systemctl_* → system_service_* across repo 
- Swap role includes: sys-systemctl → sys-service in all roles
- Rename variables everywhere: systemctl_* → system_service_* (incl. systemctl_id → system_service_id)
- Templates: ExecStart now uses {{ system_service_script_exec }}; add optional RuntimeMaxSec via SYS_SERVICE_DEFAULT_RUNTIME
- Move SYS_SERVICE defaults into roles/sys-service/defaults (remove SYS_SERVICE_ALL_ENABLED & SYS_SERVICE_DEFAULT_STATE from group_vars/07_services.yml)
- Tidy group_vars/all/08_timer.yml formatting
- Introduce roles/sys-daemon:
  - default manager timeouts (timeouts.conf)
  - optional purge of /etc/systemd/system.conf.d
  - validation via systemd-analyze verify
  - handlers for daemon-reload & daemon-reexec
- Refactor sys-timer to system_service_* variables (docs and templates updated)
- Move filter_plugins/filetype.py under sys-service
- Update meta/README to point to official systemd docs
- Touch many roles (backup/cleanup/health/repair/certs/nginx/csp/wireguard/ssd-hdd/keyboard/update-docker/alarm compose/email/telegram/etc.) to new naming

BREAKING CHANGE:
- Role path/name change: use `sys-service` instead of `sys-systemctl`
- All `systemctl_*` vars are now `system_service_*` (e.g., on_calendar, state, timer_enabled, script_exec, id)
- If you have custom templates, adopt RuntimeMaxSec and new variable names

Chat context: https://chatgpt.com/share/68a47568-312c-800f-af3f-e98575446327
2025-08-19 15:00:44 +02:00
..
meta
Refactor systemctl services and categories due to alarm bugs
2025-08-18 13:35:43 +02:00
tasks
refactor!: replace sys-systemctl with sys-service, add sys-daemon, and rename systemctl_* → system_service_* across repo
2025-08-19 15:00:44 +02:00
templates
Refactor systemctl services and timers
2025-08-18 21:22:16 +02:00
vars
refactor!: replace sys-systemctl with sys-service, add sys-daemon, and rename systemctl_* → system_service_* across repo
2025-08-19 15:00:44 +02:00
README.md
Refactor systemctl services and categories due to alarm bugs
2025-08-18 13:35:43 +02:00

README.md

Nginx Certbot Automation

🔥 Description

This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.

📖 Overview

Optimized for Archlinux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.

Key Features

  • Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
  • Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
  • Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.
  • Quiet and Safe Operation: Uses --quiet and --agree-tos flags to ensure non-interactive renewals.

🎯 Purpose

The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.

🚀 Features

  • Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
  • Custom Systemd Service: Configures a lightweight, dedicated renewal service.
  • Timer Setup: Uses sys-timer to run certbot renewals periodically.
  • Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.

🔗 Learn More