- Introduce global IS_CONTAINER flag based on ansible_virtualization facts
- Skip systemd-based handlers and tasks when running inside containers
- Extend EXCLUDED_ROLES list in GitHub Actions test-deploy workflow
- Ensure docker.sock is mounted for all CI deploy stages
- Improve sys-svc-docker by suppressing service restarts inside containers
- Add meta: flush_handlers to properly trigger delayed docker restarts
- Update sys-service handlers with container guards
- Update sys-timer tasks to avoid systemctl inside CI containers
- Enhance drv-non-free role with Manjaro detection and mhwd fallback warning
- Skip swapfile generation in containers
- Minor service template fixes and cleanup in proxy.conf.j2

Details and discussion: https://chatgpt.com/share/6930a4ca-56f4-800f-9b3d-4791f040a03b
Nginx Certbot Automation
🔥 Description
This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.
📖 Overview
Optimized for Arch Linux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
Key Features
- Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
- Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
- Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.
- Quiet and Safe Operation: Uses --quiet and --agree-tos flags to ensure non-interactive renewals.
🎯 Purpose
The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.
🚀 Features
- Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
- Custom Systemd Service: Configures a lightweight, dedicated renewal service.
- Timer Setup: Uses sys-timer to run certbot renewals periodically.
- Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.
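
The service, timer and failure hook described above could be wired together as in the following sketch. It is an added example, not the role's own templates: the unit names, the schedule and the `alert-example@` failure unit are assumptions standing in for whatever the role and sys-ctl-alm-compose actually install.

```ini
# --- /etc/systemd/system/certbot-renew-example.service (hypothetical name) ---
[Unit]
Description=Renew Let's Encrypt certificates (added example)
After=network-online.target
Wants=network-online.target
# Hypothetical alert unit; stands in for the role's sys-ctl-alm-compose hook.
# systemd starts it only when this service ends in a failed state.
OnFailure=alert-example@%n.service

[Service]
# oneshot: the unit counts as failed if certbot exits non-zero,
# which is what triggers OnFailure above.
Type=oneshot
# Private /tmp so renewal scratch files are not visible to other services.
PrivateTmp=true
# --quiet and --agree-tos keep the run non-interactive (flags named on this page).
# --deploy-hook runs only when a certificate was actually renewed, so Nginx
# is not reloaded on the many runs where nothing is due.
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "systemctl reload nginx"

# --- /etc/systemd/system/certbot-renew-example.timer (hypothetical name) ---
[Unit]
Description=Schedule Let's Encrypt renewal (added example)

[Timer]
# Assumed schedule: once a day. certbot only renews certificates that are
# close to expiry, so frequent runs are cheap.
OnCalendar=*-*-* 03:00:00
# Spread load on the CA and avoid every host renewing at the same second.
RandomizedDelaySec=1h
# Catch up after downtime so a powered-off host does not miss its window.
Persistent=true
Unit=certbot-renew-example.service

[Install]
WantedBy=timers.target
```

`systemctl list-timers` shows the next scheduled run, and `journalctl -u certbot-renew-example.service` shows why a renewal failed when the alert fires.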